Saturday, June 6, 2009

Microsoft Releases Security Advisory 971778

Microsoft has released security advisory 971778 indicating that it is investigating public reports of a vulnerability in DirectX. This vulnerability exists in the way Microsoft DirectShow handles QuickTime files and does not require Apple QuickTime to be installed on the system. By convincing a user to open a specially crafted QuickTime media file, a remote attacker may be able to execute arbitrary code. Additionally, the advisory indicates that Microsoft Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable.

We encourages users and administrators to review Microsoft security advisory 971778 and apply the workarounds provided in the document to help mitigate the risks.


No comments: