Microsoft To Patch New Directx Hole


Recommended Posts

The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.

By Thomas Claburn

InformationWeek

May 28, 2009 06:00 PM

"Microsoft on Thursday issued a security advisory stating that it's investigating reports of a vulnerability in Microsoft DirectX, the company's APIs for games and multimedia.

The company said that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable and that Windows Vista and Windows Server 2008 are not vulnerable.

The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file or to visit a Web page that features QuickTime media file of this sort"

full story at IWeek - . http://www.informationweek.com/news/securi...cleID=217700719

>>>>>>>>>>>>>>>>>>>>>>>

May 28, 2009 2:24 PM PDT

Microsoft to patch new DirectX hole

by Elinor Mills

"Microsoft on Thursday said it is working on a security patch for a vulnerability in its DirectX streaming media technology in Windows that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.

The remote code execution vulnerability exists in the way Microsoft DirectShow, audio and video sourcing and rendering software, handles supported QuickTime format files, the company said.

"Microsoft is aware of limited, active attacks that use this exploit code," Microsoft's security advisory said. "If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The vulnerability is not in Apple's QuickTime media software or in Microsoft Internet Explorer browser; it's in the DirectShow platform (quartz.dll). Nonetheless, Web browsers -- Internet Explorer and others -- represent an avenue of potential infection for users of vulnerable versions of Windows. "

Read more at CNET - http://news.cnet.com/security/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...