Network News

X My Profile
View More Activity

Microsoft Warns of Attacks on Unpatched Windows Flaw

Microsoft is warning that hackers are using booby-trapped QuickTime media files to exploit a newly discovered security hole in Windows 2000, Windows XP, and Windows Server 2003 systems.

Microsoft said it is aware of "limited attacks" against an unpatched vulnerability in a Windows DirectShow component designed to process QuickTime files. The vulnerability is present in those operating systems and can be exploited whether or not users have QuickTime installed.

From a post on the Microsoft's Security Research & Defense blog:

The vulnerability is in the DirectShow platform (quartz.dll). While the vulnerability is NOT in IE or other browsers, a browse-and-get-owned attack vector does exist here via the media playback plug-ins of browsers. The attacker could construct a malicious webpage which uses the media playback plug-ins to playback a malicious QuickTime file to reach the vulnerability in Quartz.dll. Please note this type of attack could happen for any browsers, not IE specific.

There is also a file-based attack vector by opening a malicious QuickTime file via Windows Media Player to trigger the vulnerability.

Redmond says it's working on a patch to plug the hole. In the meantime, affected users have a fairly painless interim fix for this threat. If you're running Windows 2000, XP or Windows Server 2003, visit this link and click the "Fix It" button. That will download a Microsoft installer (.msi) file. Run that, and it should disable the vulnerable component. If you are running Windows under a limited user account, as I often advise, it's easiest to install the fix while logged in as administrator.


According to Microsoft, this is not a threat for later versions of Windows, because the vulnerable code was removed as part of the company's work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.

By Brian Krebs  |  June 1, 2009; 7:15 AM ET
Categories:  Latest Warnings , New Patches , Safety Tips  | Tags: microsoft 0day  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Obama: Cyber Security is a National Security Priority
Next: Beladen Loads Hacked Web Sites With Badness


You mean click "fix it", not "fit it". :)

Posted by: rlescaille | June 1, 2009 12:01 PM | Report abuse

er...yeah. What you said. I will...uh..."fix" it. Thanks!

Posted by: BTKrebs | June 1, 2009 12:04 PM | Report abuse

Thanks, Brian. I count on you for this kind of stuff.

Posted by: shadowshopper1981 | June 2, 2009 10:55 AM | Report abuse

Thanks for the timely alert, Brian.

Posted by: Dawny_Chambers | June 2, 2009 11:20 AM | Report abuse

Tired of endless patching? Try Linux, the safe yet no-cost operating system- or .

Posted by: hairguy01 | June 2, 2009 4:37 PM | Report abuse

Heh. This news is not exactly going to make converts out of people who have long bashed Apple for the somewhat disastrous experience that is QuickTime under the Windows platform...

Posted by: kennedye | June 2, 2009 5:30 PM | Report abuse

It should be noted that the "fix" completely disables 'Quicktime', which is, unfortunately, a necessary component of many video editing and 3D/Graphics animation suites, such as Adobe Premier, etc.

So, if you use any of these types of programs, better forget the fix and beef up your firewall.

For those that don't want to have their system invaded by a load of bulky, memory-snatching firewall programs, I can recommend a simple, free outbound port blocker that simply blocks any sort of malware or trojan from connecting to the internet while at the same time telling you what sort of program is trying to do so.

Proxy Firewall:


Posted by: Frank57 | June 2, 2009 7:24 PM | Report abuse

hairguy01, you mean you've never had to patch Ubuntu? Loser.

Posted by: wangbang747 | June 2, 2009 9:27 PM | Report abuse

janeseven's post above is spam.

Posted by: Heron | June 2, 2009 10:23 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company