Microsoft has warned users that an as-yet unpatched vulnerability in DirectX is under attack from ne'er-do-wells.
In a
Security Bulletin on the company's website – found via
BetaNews – the company warns that a vulnerability in the
quartz.dll library which ships with DirectX for the parsing of QuickTime format video files. A successful attack against the vulnerability can lead to remote code execution.
The flaw affects all versions of Windows prior to Windows Vista – including Windows 2000 Service Pack 4 and Windows XP. Server editions prior to Windows Server 2008 are also vulnerable.
The attack requires that a specially crafted QuickTime media file is opened by the target – so a silent attack that requires no user interaction is not thought to be possible. That said, once the user has opened a malicious QuickTime file, the vulnerability results in code execution at the same privilege level as the user's account – most commonly full administrator rights.
So far, Microsoft has not developed a patch to fix this vulnerability. In a post to the company's
security blog several workarounds are, however, offered. The easiest workaround is to delete the
HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A} registry key, which disables QuickTime parsing via
quartz.dll and prevents the malicious code from executing. Sadly, this also means that QuickTime playback via DirectShow is disabled – although if you're using another method to play these files, there are no other ill effects.
Should Microsoft break with tradition and launch an out-of-cycle patch for this vulnerability, or is it non-urgent enough to wait – despite being actively exploited in the wild? Share your thoughts over in
the forums.
Want to comment? Please log in.