Fri, Jul 10, 2009
Important Windows Patches Expected for Exploited DirectX, Quicktime Flaws
Microsoft has announced that it plans to release six security
bulletins on Tuesday, July 14th, along with patches that will fix the DirectX
DirectShow Quicktime flaw and the Video
ActiveX Control flaw, both mentioned previously. These
both are being actively exploited via compromised web sites.
Other flaws discovered by Microsoft, not yet being actively
exploited, will also be fixed. For more information, see http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx.
Unpatched Web-Exploitable Flaw in DirectX on Windows XP, 2003 and 2000
An unpatched security vulnerability in DirectX on Windows XP, 2003 and 2000
has been announced. It allows an attacker to create and distribute (e.g. via
a web site) a malicious QuickTime media file. This malicious file, when
viewed (e.g. via a web browser) will run the attacker's commands
on the viewing machine. Microsoft is aware of limited active attacks
that exploit this vulnerability. While no patches have yet been
released, Microsoft has outlined some workarounds that will block
some of the ways that this vulnerability is presently being exploited.
For more information, and for workaround instructions, please see
http://www.microsoft.com/technet/security/advisory/971778.mspx
![[Valid HTML 4.01 Transitional]](/support/security/valid-html401-blue.png){kind=small}
![[Valid RSS]](/support/security/valid-rss.png)
![[Valid Atom]](/support/security/valid-atom.png)