Critical security leak in DirectX: Microsoft warns against remote code execution
A new vulnerability in Microsoft DirectX could allow attackers run remote code. First attacks have already been observed.
Microsoft is already working on the DirectX security hole.
Microsoft is warning against a critical security hole in DirectShow which allows attackers to control the affected system in case the user opened a specially made Quicktime media file.
According to Microsoft Windows Vista and Windows Server 2008 are not vulnerable but affected systems are Windows 2000 with SP4, Windows XP and Windows Server 2003. Users with administration rights are especially vulnerable because the malicious code can only be started under these conditions. For a successful attack the user has to open a certain website which offers the prepared Quicktime file.
Microsoft is already working on a solution (Microsoft Security Advisory) and will publish an out-of-cycle security update if necessary. Until then Microsoft recommends to use a current anti-virus software or to deactivate Quicktime - Microsoft offers a workaround for the latter.