Hackers targeting unpatched Microsoft DirectShow flaw

By SearchSecurity.com staff 29 May 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft released a security advisory Thursday warning of a new vulnerability in its DirectShow media-streaming architecture for Windows that could allow an attacker to execute code remotely.

The flaw, which Microsoft said is being actively exploited in limited attacks, affects Windows XP, Windows 2000, and Windows Server 2003. Windows Vista and Windows Server 2008 are not affected.

The vulnerability is in the QuickTime parser in DirectShow, according to Microsoft's Security Response Center.

"An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in email," Christopher Budd, security program manager at MSRC, wrote in a blog post.

While the flaw isn't a browser vulnerability, "a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow," he said. Also, it's possible to direct calls to DirectShow even if Apple's QuickTime is installed, he added.

An attacker who successfully exploits the vulnerability could gain the same user rights as the local user, according to Microsoft.

Microsoft posted workarounds in its advisory. More details on the workarounds are available from Microsoft's Security Research and Defense blog.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary