Microsoft® recently issued a security advisory to Windows® users around the world, announcing one newly discovered security vulnerability in Microsoft® DirectX graphics acceleration module. More specifically put the vulnerability is related to the Microsoft® DirectShow sub-module, which allows users to directly and automatically play streaming videos in QuickTime or Real Player on their browser.
Security flaws and bugs being found in DirectX is not a new phenomenon. These bugs have been found to cause lockups and crashes in PC games. Microsoft® has often plugged those loopholes in their patches. However, allowing malware and spyware into the user’s PC isn’t something that DirectX has done before. Microsoft® has warned that this new security vulnerability has limited application for hackers, but is quite an active threat for users anyway.
According to Microsoft®, the vulnerability allows malicious code to be remotely executed, if the user opens a special QuickTime video file, which has code embedded into it. All versions of Windows® 2000 SP4, Windows® XP, and Windows® Server 2003 are quite vulnerable to the attack. Windows® Vista and Windows® Server 2008 users are immune to the effects of the malware. On a successful attack, the attacker will possibly gain the exact user rights over the infected PC as the user who is currently logged in. The situation implies that users with administrator privileges are more at risk than users with limited user rights.
Microsoft®, however, has assured users that, “in a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.”
Microsoft® is presently working on a patch to patch up the exploit. In the meantime, they have provided a workaround fix that can be run with a single click. The fix automatically disables QuickTime parsing. Users who wish to do it manually are free to do so, but they will have to read the instructions carefully beforehand, as the manual fixing involves editing the Windows® registry.