In association with heise online

07 July 2009, 10:05

Microsoft issues quick fix for critical vulnerability in DirectShow


Microsoft has officially confirmed the new vulnerability in DirectShow and has provided a fix-it tool that gives users an easy way to switch off either the vulnerable control or system support for it. Although Microsoft says more detailed investigations have shown that the control is more or less superfluous in standard configurations, it is also issuing a tool to switch the control back on once a patch becomes available. The control is a component of DirectShow and is used in Windows Media Center, for example, to record and play back TV streams.

Microsoft is already working on a patch and will release it when it meets the quality requirements for broad distribution. The vulnerability allows attackers to inject code into a victim's system and run it with the user's rights when a specially crafted web site is visited. Seemingly harmless web sites can also infect a victim's PC if they have been surreptitiously manipulated by criminals. Symantec says it has already observed thousands of web sites that contain the exploit code. According to reports, even the web site for the Russian embassy in Washington contains the malicious code.

The vulnerability affects Windows XP and Windows Server 2003 systems. Although Vista and Windows Server 2008 users are not directly vulnerable, Microsoft recommends that they also disable support for the control by deleting more than 40 "Class Identifiers". Fortunately, the fix-it tool will do this.

The current exploits use heap-spraying techniques based on JavaScript to distribute the code over the heap and start it running. Disabling JavaScript is therefore a useful short-term solution that renders the attacks ineffective. Using a different browser is also an alternative. Although Microsoft doesn't mention it, Symantec says switching to Internet Explorer 8 also offers protection.
