Advertisement
Promo

Security threats Toolkit

In association with HP

Talkback

Post a comment


Story: Microsoft to patch DirectX hole

  • Previous comment

Posted by: lumension (Friday 29 May 2009, 5:17 PM)

  • Reply

vulnerability is automatically being activated without user intervention

This vulnerability involving a Direct X component of Microsoft’s Windows QuickTime Parser is facilitating current drive-by hacking incidents. It is reported that the vulnerability is automatically being activated without user intervention when a user simply browses a website that contains a maliciously crafted QuickTime file and can provide the hacker with complete control over the compromised PC.

Windows 2000, XP and Server 2003 users are at risk and as Vista and later versions of Windows do not use the vulnerable code “QuickTime Parser” they are not impacted.

Microsoft has taken a rather unique approach to the issue by setting up a Web link that can automatically make the necessary registry changes to facilitate a workaround until a patch is officially released.

Home users are encouraged to use the Microsoft automatic workaround solution & enterprise users should consider an immediate implementation of the managed deployment script in order to maximise risk mitigation until an official patch is released by Microsoft.

View complete profile

Private message disabled

View all posts

lumension

lumension
LONDON, UK
Member since: October 2008

Site Activity Rating:

3

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats



Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters