Windows 7 RC Immune to 0-Day DirectX Vulnerability
Windows 7 RC, as well as its precursor, Windows Vista, and the R2 and RTM/SP1 releases of Windows Server 2008 are immune to a zero-day vulnerability affecting DirectX on older versions of Windows. The security hole makes Windows 2000 Service Pack 4, Windows XP (including SP2 and SP3), and Windows Server 2003 vulnerable to exploits but not the later versions of the Windows client and server operating systems, since the code containing the flaw was removed in Vista.
Christopher Budd, security response communications lead for Microsoft, confirmed that the company was “aware of limited, active attacks that exploit this vulnerability.” Budd explained that the vulnerable code was contained in the QuickTime parser in Microsoft DirectShow. DirectX 7.0, DirectX 8.1 and DirectX 9.0 are impacted.
“An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed,” Budd stated. Read More»
Loading ...
