Microsoft is aware of limited, active attacks that use this exploit code. At this point in the investigation so far Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable. All versions of Windows Vista and Windows Server 2008 are not vulnerable.
Work-around Options:
- If you are using Windows 2000, SP4, Windows XP or Windows Server 2003, please see the Fix it provided to disables QuickTime parsing. After a security update is released, return to this link and click the automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the "disable workaround".
- Use WinPatrol to disable QuickTime. See WinPatrol Features.
References:
- Advisory: Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
- Fix it: Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Corrine,
ReplyDeleteDo you know if this applies to those of us who use Quicktime Alternative?
Thanks for keeping us informed!
Brian (AKA The Dean)
Hi, Brian.
ReplyDeleteSince the vulnerability is directed to "a specially crafted QuickTime media file" and not a media file viewed with the Apple QuickTime program, I would suggest that it does apply.
Thanks. Patch applied!
ReplyDelete-Brian (AKA The Dean)