DirectShow, ActiveX zero-days among planned Microsoft fixes


Microsoft is hoping it can pull off a quick turnaround for a fix of a zero-day ActiveX vulnerability that was only disclosed this week.

The July Patch Tuesday release contains three updates addressing "critical" security vulnerabilities in Windows, according to an advance notification issued this week. Two of the bulletins address previously revealed issues that are being exploited in limited attacks: One is a vulnerability in DirectShow, the other is a bug in the Microsoft Video ActiveX control.

Many security experts predicted that websites hosting the exploit for the ActiveX flaw, which was revealed this week, would only continue to grow, meaning Microsoft had to act quickly.

"Our engineering team has been working around the clock to produce an update for the issue...and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks," wrote Jerry Bryant, a Microsoft security program manager, on the company's Security Response Center blog. "As you know, this information may change between now and next Tuesday."

The vulnerability impacts Windows XP and Server 2003 users and is particularly dangerous because users can be infected simply by visiting a website.

"It requires no user intervention at all," Dmitriy Ayrapetov, product line manager at internet security firm SonicWALL, told "Anywhere you can click on a web page in Internet Explorer, that's where they're vulnerable."

He said he wouldn't be surprised if hijacked social networking sites, such as Facebook and Twitter, soon are used to spread the malware.

So far, most of the compromised websites being used to serve up the attack -- experts estimate the number is somewhere in the thousands -- are based in China, researchers said.

Right now, the goal of the malware writers largely is to install World of Warcraft password-stealing trojans on victim machines, Roger Thompson, chief research officer at anti-virus firm AVG, told However, the payload could become more malicious, and he expects many more sites to be hacked and seeded with the exploit to launch drive-by downloads.

Until the fix is released, users should apply an available workaround, which is to set the kill bit for the affected ActiveX control.
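One way to confirm the kill-bit workaround is in place, as an added example that is not from the article or from Microsoft: the script reads the text of a `reg export` of Internet Explorer's ActiveX Compatibility key and reports which CLSIDs have the kill bit (0x400 in "Compatibility Flags") set. The CLSIDs and the sample export are constructed placeholders; the affected control's real CLSIDs are not given in the article and would come from Microsoft's advisory.

```python
import re

# Per-control flags that Internet Explorer reads live under this key (matched
# case-insensitively; also matches the Wow6432Node view on 64-bit Windows).
KEY_SUFFIX = r"\internet explorer\activex compatibility" + "\\"
KILL_BIT = 0x00000400  # "Compatibility Flags" bit that blocks instantiation in IE
VALUE_RE = re.compile(r'"Compatibility Flags"\s*=\s*dword:([0-9a-f]{1,8})$', re.I)

def parse_compat_flags(reg_text):
    """Map CLSID -> list of flag values, one per exported key (registry view)."""
    seen, cur = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(KEY_SUFFIX)
            cur = key[idx + len(KEY_SUFFIX):].upper() if idx != -1 else None
            if cur:
                seen.setdefault(cur, []).append(0)  # key present, flags default to 0
        elif cur:
            m = VALUE_RE.match(line)
            if m:
                seen[cur][-1] = int(m.group(1), 16)
    return seen

def audit(reg_text, clsids):
    """True for a CLSID only if every exported view of its key has the kill bit."""
    seen = parse_compat_flags(reg_text)
    return {c: bool(seen.get(c.upper())) and
               all(v & KILL_BIT for v in seen[c.upper()]) for c in clsids}

# Constructed sample: decoded text of a .reg export with placeholder CLSIDs.
BASE = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    BASE + r"\{00000000-0000-0000-0000-00000000000A}]",
    '"Compatibility Flags"=dword:00000400', "",   # kill bit set
    BASE + r"\{00000000-0000-0000-0000-00000000000B}]",
    '"Compatibility Flags"=dword:00000020', "",   # flags present, kill bit clear
    BASE + r"\{00000000-0000-0000-0000-00000000000c}]", "",  # key without flags
])
WANTED = ["{00000000-0000-0000-0000-00000000000%s}" % x for x in "ABCD"]

if __name__ == "__main__":
    for clsid, killed in audit(SAMPLE, WANTED).items():
        print(clsid, "kill bit set" if killed else "NOT PROTECTED")
```

Exports written by regedit are usually UTF-16, so decode the file to text before passing it in.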

In addition to the three "critical" patches, Microsoft plans to push out three "important" fixes affecting Publisher, Internet Security and Acceleration Server, and Virtual PC and Virtual Server, according to the notification.


Copyright © SC Magazine, US edition
