Advertisement
Promo

Security threats Toolkit

Story: Microsoft to patch DirectX hole

  • Previous comment

Posted by: lumension (Friday 29 May 2009, 5:17 PM)

  • Reply

vulnerability is automatically being activated without user intervention

This vulnerability involving a Direct X component of Microsoft’s Windows QuickTime Parser is facilitating current drive-by hacking incidents. It is reported that the vulnerability is automatically being activated without user intervention when a user simply browses a website that contains a maliciously crafted QuickTime file and can provide the hacker with complete control over the compromised PC.

Windows 2000, XP and Server 2003 users are at risk and as Vista and later versions of Windows do not use the vulnerable code “QuickTime Parser” they are not impacted.

Microsoft has taken a rather unique approach to the issue by setting up a Web link that can automatically make the necessary registry changes to facilitate a workaround until a patch is officially released.

Home users are encouraged to use the Microsoft automatic workaround solution & enterprise users should consider an immediate implementation of the managed deployment script in order to maximise risk mitigation until an official patch is released by Microsoft.

Private message disabled

lumension

lumension
LONDON, UK
Member since: October 2008

Site Activity Rating:

3

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread


Video icon

Video

Sentry Posts Blog

INIFiles: Getting those legacy files i...

Handling INI files can be a little tricky these days when you have to consider new security restrictions, virtualized environment restrictions (App-V and Citrix) and legacy applications... More

Post a comment

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters