Microsoft Sets Warning Over the DirectShow Vulnerability

By Partho, Gaea News Network
Friday, May 29, 2009

directshowMicrosoft has reported a vulnerability in its DirectShow, in some versions of Windows. DirectShow is Microsoft’s framework for playing different media types such as games and multimedia. The software giant revealed that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable to this issue. However,  Windows Vista and Windows Server 2008 would be unaffected by the crisis. The attacks are conceived to be generated from the malicious QuickTime media files.

According to Microsoft the flaw could allows an attacker to execute malicious code by duping or confusing the user to open the infected QuickTime media file or visit a page that features QuickTime media file of this type. Microsoft has termed this as Limited active attacks.

Nevertheless, web browsers like Internet Explorer and others might be affected by the infection if the users employ the vulnerable versions of Windows.

As Microsoft security software engineer Chengyun Chu explains the vulnerability is not in the bowsers, but a browse-and-get-owned attack vector can occur due to the media playback plug-ins of browsers. He added, that the attackers can create a malicious Web page that uses the media playback plugins to play back an infected QuickTime file to reach the vulnerability in Quartz.dll.

Directshow versions 7, 8 and 9 are in Windows 2000, Windows XP and Windows Server 2003 are most likely targets of the attack. DirectShow has been replaced by the Windows Media Foundation in Windows Vista.

To fix the issue Microsoft has created a workaround registry script that you can download  and run through  Knowledge Base Article 971778. To  download the script you have to click on the big Fix it button. The script would remove some registry entries that enables QuickTime parsing. Microsoft provides another script to enable it. The second one can be run when the patch is made available. What irks is that the scripts will not work in all the environments

Microsoft has made no pre-announcements about the release of the patch. During this period, anti-malware companies might provide detection for the known attacks.

will not be displayed