Microsoft issues advisory for vulnerability in Microsoft DirectShow

By

Microsoft has released an advisory for a vulnerability in Microsoft DirectShow and updates to the WSUS patching schedule.

The 971778 advisory affects Windows 2000, Windows XP and Windows Server 2003 that is under limited attack.

Microsoft issues advisory for vulnerability in Microsoft DirectShow

 

Christopher Budd, security response communications lead for Microsoft, said: "Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable."

 

The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker could try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in email.

 

Microsoft claimed that while this is not a browser vulnerability, due to it being in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Budd also verified that it is possible to direct calls to DirectShow specifically, even if Apple's QuickTime (which is not vulnerable) is installed.

 

Microsoft has also announced that two new product categories are being added to the WSUS Products and Classifications dialog, both under the product family ‘Office Communicator Server and Office Communicator'.

 

Office Communications Server 2007 R2 will include updates for the Microsoft Office Communications Server 2007 R2, while the Office Communicator 2007 R2 product category will include updates for the Microsoft Office Communicator 2007 R2. Both will include coverage for service packs, critical and security updates.

 

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?