{"id":1826,"date":"2009-06-01T10:41:21","date_gmt":"2009-06-01T10:41:21","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=1826"},"modified":"2015-09-09T19:38:03","modified_gmt":"2015-09-09T11:38:03","slug":"hackers-exploiting-unpatched-directx-bug-with-quicktime","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/06\/hackers-exploiting-unpatched-directx-bug-with-quicktime\/","title":{"rendered":"Hackers Exploiting Unpatched DirectX Bug With Quicktime"},"content":{"rendered":"
[ad]<\/p>\n
It seems like another fairly critical flaw has been discovered in Microsoft<\/a> Windows. It’s serious as it allows remote code execution, which basically means if you get hit with it your machine is owned.<\/p>\n It seems DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk. Windows Vista, Server 2008 and Windows 7 are not effected – so they have fixed the problem at some point in their development cycle, they just haven’t pushed it back to the older operating systems yet.<\/p>\n For the third time in the last 90 days, Microsoft Corp. has warned that hackers are exploiting an unpatched critical vulnerability in its software.<\/p>\n Late Thursday, Microsoft issued a security advisory that said malicious hackers were already using attack code that leveraged a bug in DirectX, a Windows subsystem crucial to games and used when streaming video from Web sites.<\/p>\n Hackers are using malicious QuickTime files — QuickTime is rival Apple Inc.’s default video format — to hijack PCs, Microsoft said. “The vulnerability could allow remote code execution if [the] user opened a specially crafted QuickTime media file,” the company said in the advisory. “Microsoft is aware of limited, active attacks that use this exploit code.”<\/p>\n According to Christopher Budd, a spokesman for the Microsoft Security Response Center, QuickTime itself is not flawed. Instead, the QuickTime parser in DirectShow, a component of DirectX, contains the bug. “An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail,,” Budd said in an entry on the MSRC blog.<\/p><\/blockquote>\n Microsoft has had quite a spate of serious vulnerabilities recently, it seems resourceful hackers are targeting applications and components of the OS rather than the actual OS or networking stack.<\/p>\n Which makes sense, you’d expect the actual OS to be fairly secure now and not attention has been paid to those ‘must-have’ system softwares like DirectX.<\/p>\n Because the bug is in DirectShow, any browser using a plug-in that relies on DirectShow is also vulnerable.<\/p>\n DirectX 7, 8 and 9 in Windows 2000, XP and Server 2003 are at risk, Budd said, but Vista, Server 2008 and Windows 7 are not. “Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista,” Budd said.<\/p>\n Until a patch is available, users can protect their PCs by disabling QuickTime parsing. To do that requires editing the Windows registry, normally a task most users shy from, but Microsoft has automated the workaround. “We’ve gone ahead and built a ‘Fix it’ that implements the ‘Disable the parsing of QuickTime content in quartz.dll’ registry change,” Budd said. “We have also built a ‘Fix it’ that will undo the workaround automatically.” <\/p><\/blockquote>\n Watch out when you are opening video files from unknown sources, especially in e-mail attachments (even from known sources) and you can use the ‘Fix it’ to mitigate against the problem until the patch is released.<\/p>\n