To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.
Microsoft plans to issue six updates next week, including several critical patches that address two zero-day flaws that are being actively targeted by attackers.
In its advance notification issued today, the software giant said it planned to release updates July 14, addressing a zero-day vulnerability in its DirectShow video streaming software identified in May as well as a new Video Controller ActiveX control being actively targeted in ongoing attacks.
Three critical updates affect errors in Windows and three important updates address vulnerabilities affecting Microsoft Publisher, the Internet Security and Acceleration (ISA) Server and Virtual PC and Virtual Server.
According to Microsoft security program manager Jerry Bryant, engineering teams have been working around the clock to produce and test an update to address the Microsoft Video ActiveX Control zero-day, acknowledged in a security advisory issued on Monday. The ActiveX Control msvidctl.dll is remotely exploitable with little user interaction when browsing with Internet Explorer. The control connects to Microsoft DirectShow filters and is used by Windows Media Center to build filter graphs for recording and playing television video.
Many IPS and antivirus vendors have issued signatures to protect against the attacks. Harry Sverdlove, chief technology officer of application whitelisting vendor Bit9, Inc., said there was a period of time when there was no detection or antivirus protection from this attack. Microsoft is also encouraging users to implement workarounds.
"While it is still somewhat early, we have not detected any significant spike in occurrences of this particular attack," Sverdlove said. "At least in the United States and Europe, the attack appears to be limited so far."
Also being addressed is a DirectShow flaw being actively targeted in May. The flaw in the DirectShow media-streaming architecture for Windows is in the QuickTime parser in DirectShow. It could allow an attacker to execute code remotely.
The flaws, which Microsoft said are being actively exploited in limited attacks, affect Windows XP, Windows 2000, and Windows Server 2003. For both vulnerabilities, Windows Vista and Windows Server 2008 are not affected.
Microsoft also acknowledged that one of the three critical updates for Windows will require a restart. Both the ISA Server and Virtual PC/Virtual Server updates also require restarts.