Microsoft issues quick fix for critical vulnerability in DirectShow
Microsoft has officially confirmed the new vulnerability in DirectShow and has provided a fix-it tool that gives users an easy way to switch off either the vulnerable control or system support for it. Microsoft says more detailed investigations have shown that the control is more or less superfluous in standard configurations, but it is also issuing a tool to switch the control on again, for use once a patch becomes available. The control is a component of DirectShow and is used in Windows Media Center, for example, to record and play back TV streams.
Microsoft is already working on a patch and will release it when it meets the quality requirements for broad distribution. The vulnerability allows attackers to inject code into a victim's system and run it with the user's rights when a specially crafted web site is visited. Seemingly harmless web sites can also infect a victim's PC if they have been surreptitiously manipulated by criminals. Symantec says it has already observed thousands of web sites that contain the exploit code. According to reports, even the web site for the Russian embassy in Washington contains the malicious code.
The vulnerability affects Windows XP and Windows Server 2003 systems. Although Vista and Windows Server 2008 users are not directly vulnerable, Microsoft recommends that they also disable support for the control by deleting more than 40 "Class Identifiers". Fortunately, the fix-it tool will do this.
- Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution, security advisory from Microsoft.
- Web pages infect Windows PCs via new DirectShow hole, a report from The H.