Microsoft to address DirectShow, ActiveX zero-day flaws

Article

Microsoft to address DirectShow, ActiveX zero-day flaws

Robert Westervelt, News Editor

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.
Microsoft plans to issue six updates next week, including several critical patches that address two zero-day flaws that are being actively targeted by attackers.

In its advance notification issued today, the software giant said it planned to release updates July 14, addressing a zero-day vulnerability in its DirectShow video streaming software identified in May as well as a new Video Controller ActiveX control being actively targeted in ongoing attacks.

Three critical updates affect errors in Windows and three important updates address vulnerabilities affecting Microsoft Publisher, the Internet Security and Acceleration (ISA) Server and Virtual PC and Virtual Server.

According to Microsoft security program manager Jerry Bryant, engineering teams have been working around the clock to produce and test an update to address the Microsoft Video ActiveX Control zero-day, acknowledged in a security advisory issued on Monday. The ActiveX Control msvidctl.dll is remotely exploitable with little user interaction when browsing with Internet Explorer. The control connects to Microsoft DirectShow filters and is used by Windows Media Center to build filter graphs for recording and playing television video.

Many IPS and antivirus vendors have issued signatures to protect against the attacks. Harry Sverdlove, chief technology officer of application whitelisting vendor Bit9, Inc., said there was a period of time when there was no detection or antivirus protection from this attack. Microsoft is also encouraging users to implement workarounds.

SearchSecurity radio:

"While it is still somewhat early, we have not detected any significant spike in occurrences of this particular attack," Sverdlove said. "At least in the United States and Europe, the attack appears to be limited so far."

Also being addressed is a DirectShow flaw being actively targeted in May. The flaw in the DirectShow media-streaming architecture for Windows is in the QuickTime parser in DirectShow. It could allow an attacker to execute code remotely.

The flaws, which Microsoft said are being actively exploited in limited attacks, affect Windows XP, Windows 2000, and Windows Server 2003. For both vulnerabilities, Windows Vista and Windows Server 2008 are not affected.

Microsoft also acknowledged that one of the three critical updates for Windows will require a restart. Both the ISA Server and Virtual PC/Virtual Server updates also require restarts.