Microsoft warns of DirectX attack on XP, WS2003 in the wild

Attacks in the wild have already been seen for a vulnerability in DirectX for which Microsoft does not yet have a patch, Microsoft says. Windows XP and Windows Server 2003 are vulnerable, as are older versions of Windows (such as Windows Server 2000). Vista, Windows Server 2008 and later versions of Windows are not vulnerable.

The hole is in quartz.dll and could allow an attacker to strike through QuickTime playback plug-ins for any browser on an affected platform, even if QuickTime is not installed. The issue is with the QuickTime Movie Parser Filter in quartz.dll, which DirectShow uses to process files.

Three workarounds are available until a patch is ready, according to the Microsoft Security advisory.

Disable the parsing of QuickTime content in quartz.dll
Modify the Access Control List (ACL) on quartz.dll
Unregister quartz.dll

Copyright © 2009 IDG Communications, Inc.
