Security Blog

 

June 12, 2009
Threat Lab Report: Microsoft Patches Vulnerabilities

Microsoft announced Tuesday the release of 10 security patches, including six of the critical variety. However, we noticed that a recently discovered DirectX vulnerability was not on the list of those being patched. Microsoft's official statement on why the patch was left out was "the patch still hasn't the quality that is needed for shipping".

Microsoft DirectX is a widely used multimedia API in Microsoft operating systems. DirectShow is the part of the API that handles streaming media.

Last week a vulnerability was discovered in DirectShow. Attackers can exploit this vulnerability when DirectShow processes specially crafted QuickTime video files.

A remote attacker who successfully exploits this vulnerability would be able to run arbitrary code in the context of the user running the application that uses DirectX. Even if the exploitation attempt is unsuccessful, it still uses many system resources, effectively creating a denial-of-service scenario.

Affected DirectX Versions:
Microsoft DirectX 7.0
Microsoft DirectX 8.1
Microsoft DirectX 9.0
Microsoft DirectX 9.0 a
Microsoft DirectX 9.0 b
Microsoft DirectX 9.0 c

This security hole undoubtedly creates a new way of spreading malware. We have already detected such malware surfacing, so until an official patch is available, we strongly suggest that our readers download the corresponding hotfix found here to patch this vulnerability.

Posted by: Netgear Threat Lab at 3:49 PM
Categories: General, Malware, Netgear Threat Lab, Viruses
