|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
New 0day in DirectShow
Microsoft has just released information about a newly discovered 0day vulnerability in DirectShow. The bad guys can use it to create a drive-by web page that can take over your system, simply by surfing to the page.
Security Advisory 971778 says:
Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted QuickTime media file.
The MS Security Research & Defense site goes on to say:
The vulnerability is in the DirectShow platform (quartz.dll). While the vulnerability is NOT in IE or other browsers, a browse-and-get-owned attack vector does exist here via the media playback plug-ins of browsers. The attacker could construct a malicious webpage which uses the media playback plug-ins to playback a malicious QuickTime file to reach the vulnerability in Quartz.dll. Please note this type of attack could happen for any browsers, not IE specific.
There is also a file-based attack vector by opening a malicious QuickTime file via Windows Media Player to trigger the vulnerability.
Microsoft offers a simple solution – a “Fix It For Me” option in the related Knowledge Base article. It wouldn’t hurt a bit if you went to KB 971778 and clicked the “Fix It” button to, uh, Fix It. The worse that’ll happen? DreamScape won’t run QuickTime files.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Security fixes for Firefox
by 19 minutes ago
-
Notice on termination of services of LG Mobile Phone Software Updates
by 6 minutes ago
-
Update your Apple Devices Wormable Zero-Click Remote Code Execution in AirPlay..
by 9 hours, 12 minutes ago
-
Amazon denies it had plans to be clear about consumer tariff costs
by 11 minutes ago
-
Return of the brain dead FF sidebar
by 6 hours, 13 minutes ago
-
windows settings managed by your organization
by 10 hours, 18 minutes ago
-
Securing Laptop for Trustee Administrattor
by 10 hours, 30 minutes ago
-
The local account tax
by 1 hour, 52 minutes ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 22 hours, 12 minutes ago
-
Digital TV Antenna Recommendation
by 14 hours, 44 minutes ago
-
Server 2019 Domain Controllers broken by updates
by 1 day, 10 hours ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 1 day, 11 hours ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 1 day, 14 hours ago
-
Outlook (NEW) Getting really Pushy
by 17 hours, 22 minutes ago
-
Steps to take before updating to 24H2
by 8 hours, 11 minutes ago
-
Which Web browser is the most secure for 2025?
by 21 hours, 48 minutes ago
-
Replacing Skype
by 10 hours, 21 minutes ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 1 day, 8 hours ago
-
Excel Macro — ask for filename to be saved
by 6 hours, 18 minutes ago
-
Trying to backup Win 10 computer to iCloud
by 10 hours, 7 minutes ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 3 days, 14 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 3 days, 16 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 3 days, 16 hours ago
-
No April cumulative update for Win 11 23H2?
by 2 days, 4 hours ago
-
AugLoop.All (TEST Augmentation Loop MSIT)
by 3 days, 17 hours ago
-
Boot Sequence for Dell Optiplex 7070 Tower
by 4 days, 8 hours ago
-
OTT Upgrade Windows 11 to 24H2 on Unsupported Hardware
by 2 hours, 15 minutes ago
-
Inetpub can be tricked
by 2 days, 19 hours ago
-
How merge Outlook 2016 .pst file w/into newly created Outlook 2024 install .pst?
by 3 days, 5 hours ago
-
FBI 2024 Internet Crime Report
by 4 days, 15 hours ago
Remembering Woody
