Friday, May 29, 2009

Microsoft Security Advisory 971778

Microsoft has released Security Advisory 971778 directed to a vulnerability in Microsoft DirectShow which could allow remote code execution if a specially crafted QuickTime media file is opened.

Microsoft is aware of limited, active attacks that use this exploit code. At this point in the investigation so far Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable. All versions of Windows Vista and Windows Server 2008 are not vulnerable.

Work-around Options:
  1. If you are using Windows 2000, SP4, Windows XP or Windows Server 2003, please see the Fix it provided to disables QuickTime parsing. After a security update is released, return to this link and click the automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the "disable workaround".
  2. Use WinPatrol to disable QuickTime. See WinPatrol Features.

References:





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

3 comments:

Anonymous said...

Corrine,

Do you know if this applies to those of us who use Quicktime Alternative?

Thanks for keeping us informed!

Brian (AKA The Dean)

Corrine said...

Hi, Brian.

Since the vulnerability is directed to "a specially crafted QuickTime media file" and not a media file viewed with the Apple QuickTime program, I would suggest that it does apply.

Anonymous said...

Thanks. Patch applied!

-Brian (AKA The Dean)