Skip Links

Network World

Julie Bort

Microsoft warns of DirectX attack on XP, WS2003 in the wild

By Microsoft Subnet on Fri, 05/29/09 - 6:39pm.
Newsletter Signup

Attacks in the wild have already been seen for a vulnerability in DirectX for which Microsoft does not yet have a patch, Microsoft says. XP, Windows 2003 software are vulnerable, as are older versions of Windows (such as Windows Server 2000). Vista, Windows Server 2008 and later versions of Windows are not vulnerable.

The hole is in the quartz.dll in that it could allow an attacker to strike through QuickTime playback plug-ins for any browser using the affected platform -- even if QuickTime is not installed, reports Betanews.com. The issue is with the QuickTime Movie Parser Filter that DirectShow uses to process files in the quartz.dll file.

Three workarounds are available until a patch is ready, according to the Microsoft Security advisory.

Disable the parsing of QuickTime content in quartz.dll
Modify the Access Control List (ACL) on quartz.dll
Unregister quartz.dll

 

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Microsoft Subnet Blog

The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, and is written by Online Community editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.

(OS community)
RSS feed (Microsoft RSS feed)

Blog Roll
Microsoft Subnet Home Page
http://www.networkworld.com/subnets/microsoft/
All Microsoft Subnet bloggers
http://www.networkworld.com/community/blogs/microsoft/feed
ActiveWin
http://www.activewin.com
Blake Handler The Road to Know Where
http://bhandler.spaces.live.com/
Dmitry's PowerBlog
http://dmitrysotnikov.wordpress.com/
Doug Brown,DABCC
http://www.dabcc.com
Ed Bott's Windows Expertise
http://www.edbott.com/weblog/
Joseph Tartakoff Microsoft Blog
http://blog.seattlepi.nwsource.com/microsoft/
Long Zheng istartedsomething
http://www.istartedsomething.com/
Mini-Microsoft
http://minimsft.blogspot.com/
Paul Thurrott's Supersite for Windows
http://www.winsupersite.com
Robert McLaws WindowsNow
http://www.windows-now.com
Scobleizer
http://scobleizer.com/
Techmeme
http://www.techmeme.com/
Todd Bishop's Microsoft Blog
http://www.techflash.com/Microsoft