Microsoft Release Advisory for DirectX Vulnerability

Microsoft have released an advisory detailing a new vulnerability within DirectX, the issue affects DirectShow QuickTime Media Parsing. The vulnerability can lead to code execution when a specially crafted QuickTime media file is viewed.

It is possible that the vulnerability could be exploited by a malicious website and it would require minimal user interaction. It is likely that the issue would affect user machines more that Server platforms as a little user interaction is required and user platforms tend to have DirectX installed by default. Luckily the issue cannot be exploited using an email sent to an Outlook user within the preview pane.

The flaw is being exploited in the wild, although at this time the attacks are believed to be limited. The issue does not affect the Apple QuickTime player, this is because DirectX has it's own QuickTime media decoder, the issue resides in the QuickTime parsing code inside of the 'quartz.dll', a component of Microsoft DirectX DirectShow. It is also important to note that the vulnerability can be exploited through media plugins for different web browsers, it is not limited to Internet Explorer users.

It is understood that Windows 2000 SP4, Windows XP and Windows Server 2003 are vulnerable. It is understood at this time that Windows Vista and Windows Server 2008 are no vulnerable. There is no vendor supplied patch at this time, however there are some steps that can be taken to reduce exposure to this vulnerability, these are:

• Disable QuickTime Parsing in 'quartz.dll'
• Set the kill-bit for the WMP ActiveX Control
• Use file ACLs to limit access to 'quartz.dll' (e.g. 'cacls.exe')

You can find out more about the issue from the Microsoft Advisory here and the Technet Security Blog here.