Microsoft Warns About DirectX Exploit
Yesterday, the "Bringer of Bing" (aka Microsoft) issued a security advisory that reports on a new vulnerability in Microsoft DirectX, specifically in Microsoft DirectShow.
While DirectX security flaws are not uncommon, end-users generally receive alerts stemming from other Windows OS and Internet Explorer vulnerabilities; DirectX is usually associated with PC gaming. In this case, however, Microsoft says that the problem is limited but remains quite active.
According to the company, the DirectX vulnerability allows remote code execution if the end-user opens a specially crafted QuickTime media file. Current investigations reveal that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are highly susceptible to an attack; Windows Vista and Windows Server 2008 are not vulnerable. Microsoft also said that if successful, the attacker could gain the same user rights as the local user. Consumers whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
"In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability," the company said, describing a mitigating factor. "An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions."
While the company is currently working on a patch, Microsoft has provided an automated workaround that can be applied with a simple click. The fix disables QuickTime parsing automatically; consumers who wish to do so manually will need to read the directions, as it involves altering the registry.

Who the hell uses Quick time...eewww.
Anyone with an iPod, iTouch or iPhone as it's an integral part of iTunes
Using it and having it installed and hence being vulnerable are 2 different things.
I have Quicktime installed, but I've messed with Opera so that Quicktime isn't allowed to run in-browser. I prefer it this way. Why the hell do I want MP3s to play in a media player... in my browser?
Who the hell uses Quick time...eewww. Damn right