Microsoft has released Security Advisory 971778 directed to a vulnerability in Microsoft DirectShow which could allow remote code execution if a specially crafted QuickTime media file is opened.
Microsoft is aware of limited, active attacks that use this exploit code. At this point in the investigation so far Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable. All versions of Windows Vista and Windows Server 2008 are not vulnerable.
Work-around Options:
- If you are using Windows 2000, SP4, Windows XP or Windows Server 2003, please see the Fix it provided to disables QuickTime parsing. After a security update is released, return to this link and click the automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the "disable workaround".
- Use WinPatrol to disable QuickTime. See WinPatrol Features.
No comments:
Post a Comment