Advertisement
Promo

Security threats Toolkit

In association with Network Liberation Movement

Talkback

Post a comment


Story: Microsoft to patch DirectX hole

  • Previous comment

Posted by: lumension (Friday 29 May 2009, 5:17 PM)

  • Reply

vulnerability is automatically being activated without user intervention

This vulnerability involving a Direct X component of Microsoft’s Windows QuickTime Parser is facilitating current drive-by hacking incidents. It is reported that the vulnerability is automatically being activated without user intervention when a user simply browses a website that contains a maliciously crafted QuickTime file and can provide the hacker with complete control over the compromised PC.

Windows 2000, XP and Server 2003 users are at risk and as Vista and later versions of Windows do not use the vulnerable code “QuickTime Parser” they are not impacted.

Microsoft has taken a rather unique approach to the issue by setting up a Web link that can automatically make the necessary registry changes to facilitate a workaround until a patch is officially released.

Home users are encouraged to use the Microsoft automatic workaround solution & enterprise users should consider an immediate implementation of the managed deployment script in order to maximise risk mitigation until an official patch is released by Microsoft.

View complete profile

Private message disabled

View all posts

lumension

lumension
LONDON, UK
Member since: October 2008

Site Activity Rating:

3

 


  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats



Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

INIFiles: Getting those legacy files i...

Handling INI files can be a little tricky these days when you have to consider new security restrictions, virtualized environment restrictions (App-V and Citrix) and legacy applications... More

Post a comment

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters