Advertisement
Promo

Security threats Toolkit

Microsoft to patch DirectX hole

Elinor Mills CNET News

Published: 29 May 2009 08:31 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft on Thursday said it is working on a security patch for a vulnerability in its DirectX streaming media technology in Windows. The flaw could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.

The remote-code execution vulnerability exists in the way Microsoft DirectShow, audio and video sourcing and rendering software handles supported QuickTime format files, the company said.

"Microsoft is aware of limited, active attacks that use this exploit code," Microsoft's security advisory said. "If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable but all versions of Windows Vista and Windows Server 2008 are not vulnerable, according to the advisory.

For the attack to work, an attacker would have to lure the victim to visit a malicious website that hosts the exploit. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

Microsoft said it would release a patch to fix the hole as soon as it is ready for broad distribution. In the meantime, details on a workaround are available on Microsoft's support site, as well a 'fix it' button.

Credit: Microsoft to patch new DirectX hole from CNET News

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
3 out of 3 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

1 comment

  1. vulnerability is automatically being activated wit... lumension

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

C++ Developer (Unix ) - High Frequency Prop Trading Strategies -URGENT

FIX Connectivity Developer

IT Support Analyst

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment

Watchdog reveals illegal sale of phone...

The Information Commissioner's Office is preparing a prosecution file against a mobile operator's employees who allegedly sold on thousands of customers' details to a competitor. The... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters