MCSE World
Everything you need for your Microsoft certifications...MCITP, MCTS, MCSE, Architect, Master and more!
 

Welcome to the MCSE World forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

1. We will remove new users that have 0 posts after 1 Month - so make sure you post a RELEVANT TO THE FORUM POST as soon as possible. Additionally after 18 months users with less than 5 posts will be removed.

2. The private message system is only available to members that have placed more than 3 valid posts - this is to prevent PM spamming.

3. The "Infocenter " along the top menu includes Book Reviews etc and is located in a separate section to the "General Forums" area.

- Administrator

Go Back   MCSE World > Front Page News & Polls > Front Page News
Reload this Page Dangerous Microsoft DirectX vulnerability under attack
Login Register Site Rules Home Today's Posts Forums:  Home | List Donate Arcade InfoCenter Search Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
Old 05-29-2009, 01:48 AM   #1
supag33k
MCSE World Administrator
 
supag33k's Avatar
 
Join Date: May 2003
Location: Australia
Posts: 2,382
Thanks: 857
Thanked 172 Times in 142 Posts
Post Dangerous Microsoft DirectX vulnerability under attack
Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.

The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with workarounds and a one-click “fix it” feature to enable the mitigations.

From the advisory:

Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable.

Read more at zdnet.com ....

http://blogs.zdnet.com/security/?p=3465

Also an entry on the MSRC blog provides more details:

The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.

The MSRC blog is here:

http://blogs.technet.com/msrc/archiv...-released.aspx
__________________
MCSE (NT4/2000/2003/Messaging)
MCDBA (SQL 7/2000)
Wireless specialist (RF and Microwave)
WIP: CCNA, MCTS SQL 2005, MS Security stuff

Focus your efforts on one certification objective at a time, preferably the one you are weakest on at that point in time, making the objective something you understand well.

General Notes

1. The "Infocenter " along the top menu includes Book Reviews etc and is located in a separate section to the "General Forums" area
  Reply With Quote
Old 03-17-2010, 07:32 AM   #2
Tinus1959
Senior Moderator
 
Tinus1959's Avatar
 
Join Date: Dec 2004
Location: The Netherlands.
Posts: 4,919
Thanks: 173
Thanked 407 Times in 338 Posts
Re: Dangerous Microsoft DirectX vulnerability under attack
Quote:
Originally Posted by removed View Post
I am glad to catch idea from your article. It has information I have been searching for a long time. This looks absolutely perfect. All these tinny details are made with lot of background knowledge. I like it a lot.

Keep on taking action!
________________
Very good. That is what we are here for. Glad you liked it.

By the way, the website you promote in your post and your sig has nothing to to with the goal of the forum. I removed it.
__________________
There are 10 types of people: those who understand binary numbers and those who do not.

Trainer is the most efficient job you could have: you sell your knowledge and still keep it yourself.
Last edited by BosonMichael : 03-17-2010 at 09:10 AM.
  Reply With Quote
Old 03-17-2010, 09:10 AM   #3
BosonMichael
Site Ogre
 
BosonMichael's Avatar
 
Join Date: Sep 2003
Location: near Nashville, TN
Posts: 6,054
Thanks: 330
Thanked 443 Times in 370 Posts
Re: Dangerous Microsoft DirectX vulnerability under attack
Quote:
Originally Posted by Tinus1959 View Post
Very good. That is what we are here for. Glad you liked it.

By the way, the website you promote in your post and your sig has nothing to to with the goal of the forum. I removed it.

And he added it back. Banned.
__________________
BosonMichael
MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
www.boson.com
Served proudly, US Army, 98C Intelligence Analyst, '89-'92
  Reply With Quote
Old 03-19-2010, 03:06 AM   #4
Tinus1959
Senior Moderator
 
Tinus1959's Avatar
 
Join Date: Dec 2004
Location: The Netherlands.
Posts: 4,919
Thanks: 173
Thanked 407 Times in 338 Posts
Re: Dangerous Microsoft DirectX vulnerability under attack
Good job.
__________________
There are 10 types of people: those who understand binary numbers and those who do not.

Trainer is the most efficient job you could have: you sell your knowledge and still keep it yourself.
  Reply With Quote
Old 03-26-2010, 05:09 AM   #5
supag33k
MCSE World Administrator
 
supag33k's Avatar
 
Join Date: May 2003
Location: Australia
Posts: 2,382
Thanks: 857
Thanked 172 Times in 142 Posts
Cool Re: Dangerous Microsoft DirectX vulnerability under attack
Thanks fo the moderation fellows.

It looks like I have to revise the authentication questions again....sigh

btw - I am back around here more.
__________________
MCSE (NT4/2000/2003/Messaging)
MCDBA (SQL 7/2000)
Wireless specialist (RF and Microwave)
WIP: CCNA, MCTS SQL 2005, MS Security stuff

Focus your efforts on one certification objective at a time, preferably the one you are weakest on at that point in time, making the objective something you understand well.

General Notes

1. The "Infocenter " along the top menu includes Book Reviews etc and is located in a separate section to the "General Forums" area
  Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Symantec and Sophos attack Microsoft OneCare snoopy51 IT Security General 4 05-18-2007 10:51 AM
Microsoft Leaves Windows 98, Me Users In Lurch Over Metafile Vulnerability jcb Front Page News 0 01-06-2006 02:22 PM
DirectX 9.0c Redistributable released ashwin Front Page News 0 10-05-2005 06:00 AM
Exploit code for Microsoft vulnerability circulating QOD Windows Server 2003 0 02-17-2004 04:32 PM
Microsoft shrugs off MyDoom attack snoopy51 IT Security General 1 02-03-2004 06:14 PM



Powered by vBulletin Version 3.6.0
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Copyright © 2003-2009, MCSE World.

Contact Us - Home - Archive - Top