DirectX suffers zero-day vuln

June 1, 2009 // 9:38 a.m.

Tags: #crack #cracker #directshow #directx #quicktime #security #vulnerability #windows

Microsoft has warned users that an as-yet unpatched vulnerability in DirectX is under attack from ne'er-do-wells.

In a Security Bulletin on the company's website – found via BetaNews – the company warns that a vulnerability in the quartz.dll library which ships with DirectX for the parsing of QuickTime format video files. A successful attack against the vulnerability can lead to remote code execution.

The flaw affects all versions of Windows prior to Windows Vista – including Windows 2000 Service Pack 4 and Windows XP. Server editions prior to Windows Server 2008 are also vulnerable.

The attack requires that a specially crafted QuickTime media file is opened by the target – so a silent attack that requires no user interaction is not thought to be possible. That said, once the user has opened a malicious QuickTime file, the vulnerability results in code execution at the same privilege level as the user's account – most commonly full administrator rights.

So far, Microsoft has not developed a patch to fix this vulnerability. In a post to the company's security blog several workarounds are, however, offered. The easiest workaround is to delete the HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A} registry key, which disables QuickTime parsing via quartz.dll and prevents the malicious code from executing. Sadly, this also means that QuickTime playback via DirectShow is disabled – although if you're using another method to play these files, there are no other ill effects.

Should Microsoft break with tradition and launch an out-of-cycle patch for this vulnerability, or is it non-urgent enough to wait – despite being actively exploited in the wild? Share your thoughts over in the forums.
Discuss this in the forums