DirectX suffers zero-day vuln

Author: Gareth Halfacree
Published: 1st June 2009
Comments (6) Stumble
DirectX suffers zero-day vuln

The handling of QuickTime format media files via DirectShow can lead to remote code execution on Windows versions prior to Vista.

Microsoft has warned users that an as-yet unpatched vulnerability in DirectX is under attack from ne'er-do-wells.

In a Security Bulletin on the company's website – found via BetaNews – the company warns that a vulnerability in the quartz.dll library which ships with DirectX for the parsing of QuickTime format video files. A successful attack against the vulnerability can lead to remote code execution.

The flaw affects all versions of Windows prior to Windows Vista – including Windows 2000 Service Pack 4 and Windows XP. Server editions prior to Windows Server 2008 are also vulnerable.

The attack requires that a specially crafted QuickTime media file is opened by the target – so a silent attack that requires no user interaction is not thought to be possible. That said, once the user has opened a malicious QuickTime file, the vulnerability results in code execution at the same privilege level as the user's account – most commonly full administrator rights.

So far, Microsoft has not developed a patch to fix this vulnerability. In a post to the company's security blog several workarounds are, however, offered. The easiest workaround is to delete the HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A} registry key, which disables QuickTime parsing via quartz.dll and prevents the malicious code from executing. Sadly, this also means that QuickTime playback via DirectShow is disabled – although if you're using another method to play these files, there are no other ill effects.

Should Microsoft break with tradition and launch an out-of-cycle patch for this vulnerability, or is it non-urgent enough to wait – despite being actively exploited in the wild? Share your thoughts over in the forums.
Quote andatche 1st June 2009, 09:51
bit-tech suffers week old news vuln
Quote Jamie 1st June 2009, 10:15
Why on earth do servers need to run DirectX?
Quote iggy2k 1st June 2009, 10:57
parsing quicktime files, obviously.
Quote Gareth Halfacree 1st June 2009, 11:58
Quote:
Originally Posted by andatche
bit-tech suffers week old news vuln
Funny weeks you have, mate - Microsoft only reported this on the 28th.
Quote Paradigm Shifter 1st June 2009, 12:52
Well the workaround is nice and easy.
Quote nicae 2nd June 2009, 12:33
Maybe we should just skip everything that's quicktime.
Oh, wait. I already do that.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.





Dragonage