Critical security leak in DirectX: Microsoft warns against remote code execution
A new vulnerability in Microsoft DirectX could allow attackers to run code remotely. The first attacks have already been observed.
According to Microsoft, Windows Vista and Windows Server 2008 are not vulnerable; the affected systems are Windows 2000 with SP4, Windows XP and Windows Server 2003. Users with administrator rights are especially vulnerable, because the malicious code can only be started under these conditions. For an attack to succeed, the user has to open a website that serves the prepared QuickTime file.
Microsoft is already working on a fix (Microsoft Security Advisory) and will publish an out-of-cycle security update if necessary. Until then, Microsoft recommends using current anti-virus software or deactivating QuickTime; Microsoft offers a workaround for the latter.