Microsoft to address DirectShow, ActiveX zero-day flaws

By Robert Westervelt, News Editor 09 Jul 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In its advance notification issued today, the software giant said it planned to release updates July 14, addressing a zero-day vulnerability in its DirectShow video streaming software identified in May as well as a new Video Controller ActiveX control being actively targeted in ongoing attacks.

Three critical updates affect errors in Windows and three important updates address vulnerabilities affecting Microsoft Publisher, the Internet Security and Acceleration (ISA) Server and Virtual PC and Virtual Server.

According to Microsoft security program manager Jerry Bryant, engineering teams have been working around the clock to produce and test an update to address the Microsoft Video ActiveX Control zero-day, acknowledged in a security advisory issued on Monday. The ActiveX Control msvidctl.dll is remotely exploitable with little user interaction when browsing with Internet Explorer. The control connects to Microsoft DirectShow filters and is used by Windows Media Center to build filter graphs for recording and playing television video.

Many IPS and antivirus vendors have issued signatures to protect against the attacks. Harry Sverdlove, chief technology officer of application whitelisting vendor Bit9, Inc., said there was a period of time when there was no detection or antivirus protection from this attack. Microsoft is also encouraging users to implement workarounds.

SearchSecurity radio:

"While it is still somewhat early, we have not detected any significant spike in occurrences of this particular attack," Sverdlove said. "At least in the United States and Europe, the attack appears to be limited so far."

Also being addressed is a DirectShow flaw being actively targeted in May. The flaw in the DirectShow media-streaming architecture for Windows is in the QuickTime parser in DirectShow. It could allow an attacker to execute code remotely.

The flaws, which Microsoft said are being actively exploited in limited attacks, affect Windows XP, Windows 2000, and Windows Server 2003. For both vulnerabilities, Windows Vista and Windows Server 2008 are not affected.

Microsoft also acknowledged that one of the three critical updates for Windows will require a restart. Both the ISA Server and Virtual PC/Virtual Server updates also require restarts.

Tags: Windows Security: Alerts, Updates and Best Practices,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary