Microsoft reports high-risk vulnerability in DirectX
By Angela Gunn | Published May 29, 2009, 6:27 AM
Pre-Vista versions of Windows are vulnerable to a hole in Microsoft DirectX that's currently under limited attack, the company has announced. The vulnerability in quartz.dll could allow an attacker to strike through QuickTime playback plug-ins for any browser using the affected platform.
The problem, according to the security advisory, lies in the QuickTime Movie Parser Filter that DirectShow uses to process files in that format, specifically in the quartz.dll file. The flaw is exploitable even if the system doesn't have QuickTime installed. For the moment, there's no patch, but a post on Microsoft's Security Research & Defense blog details the currently recommended workarounds.
As English is not my first language, I'm probably wrong, but wouldn't it be better if the start of the first paragraph was:
Pre-Vista version(s) of Windows.
Score: 0
|Your English is just fine and you're not wrong at all, lastjuan (still love that username!). Corrected with thanks.
Score: 0
|Saying it is in DirectX, while accurate, is blowing it out of proportion. Yes, DirectShow is technically a part of DirectX; but so is DirectSound.
The QuickTime Movie Parser is more than 10 years old, I'm not at all surprised it has logic holes. Legacy code for a legacy feature.
Score: 1
|Hell, DX9 is what...6 years old already?
Score: 0
|True but we are talking about a feature that targeted Windows 95.
Score: 0
|Which of course is why hackers are targeting it - it's a low-profile module which seems to have slipped through all of MS' security reviews.
Score: 2
|.0b, 9.0c, countless security patches, and of course...
"Microsoft's Security Research & Defense blog details the currently recommended workarounds."
Yeah...they've done *nothing*... ;)
Let's not even bring up DX10 and 11, shall we?
Score: 0