• Windows 7 Wallpapers
• Vista Wallpapers
• Windows Wallpapers

The security hole makes Windows 2000 Service Pack 4, Windows XP (including SP2 and SP3), and Windows Server 2003 vulnerable to exploits but not the later versions of the Windows client and server operating systems, since the code containing the flaw was removed in Vista.

Christopher Budd, security response communications lead for Microsoft, confirmed that the company was “aware of limited, active attacks that exploit this vulnerability.” Budd explained that the vulnerable code was contained in the QuickTime parser in Microsoft DirectShow. DirectX 7.0, DirectX 8.1 and DirectX 9.0 are impacted.

“An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed,” Budd stated.

Concomitantly with informing the public of the zero-day vulnerability, the Redmond company is offering no less than three workarounds to bulletproof the affected operating systems from eventual exploits. The Microsoft Security Advisory (971778) contains the necessary steps that users need to take in order to protect themselves against attacks. Successful exploits of the DirectShow flaw allow an attacker to perform remote code execution on the victim's computer.

While the company is working on a patch to resolve the vulnerability, it is providing end users with an extremely simple and efficient workaround. KB article 971778 contains an automated workaround that is designed to disable QuickTime parsing. Users simply have to click on the Fix It button and render any exploit attempts useless.