DirectX suffers zero-day vuln

June 1, 2009 // 9:38 a.m.

Tags: #crack #cracker #directshow #directx #microsoft #quartzdll #quicktime #security #vulnerability #windows

Microsoft has warned users that an as-yet unpatched vulnerability in DirectX is under attack from ne'er-do-wells.

In a Security Bulletin on the company's website – found via BetaNews – the company warns that a vulnerability in the quartz.dll library which ships with DirectX for the parsing of QuickTime format video files. A successful attack against the vulnerability can lead to remote code execution.

The flaw affects all versions of Windows prior to Windows Vista – including Windows 2000 Service Pack 4 and Windows XP. Server editions prior to Windows Server 2008 are also vulnerable.

The attack requires that a specially crafted QuickTime media file is opened by the target – so a silent attack that requires no user interaction is not thought to be possible. That said, once the user has opened a malicious QuickTime file, the vulnerability results in code execution at the same privilege level as the user's account – most commonly full administrator rights.

So far, Microsoft has not developed a patch to fix this vulnerability. In a post to the company's security blog several workarounds are, however, offered. The easiest workaround is to delete the HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A} registry key, which disables QuickTime parsing via quartz.dll and prevents the malicious code from executing. Sadly, this also means that QuickTime playback via DirectShow is disabled – although if you're using another method to play these files, there are no other ill effects.

Should Microsoft break with tradition and launch an out-of-cycle patch for this vulnerability, or is it non-urgent enough to wait – despite being actively exploited in the wild? Share your thoughts over in the forums.
Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU