Security Hero Rotating Header Image

Microsoft DirectShow vulnerability, (Thu, May 28th)

Microsoft DirectShow vulnerability, (Thu, May 28th)

Microsoft have recently announced aMicrosoft DirectShow vulnerability via an advisory and multiple blog entries.
The advisory indicates that Microsoft are investigating public reports of a vulnerability within the DirectShow element of DirectX – CVE-2009- 1537 has been allocated to this vulnerability.
Microsoft have published quite a detailed set of actions which provide a temporary workaround for this issue to prevent the download of a crafted QuickTime formated file.
The following information has been posted:
In the advisory Microsoft have indicated that a patch will be produced for this but give no timescales. To reduce the potential risk you should consider the impact of applying the workaround versus the period of nil-protection whilst it’s MAPP/MSRA partners get definitions out for detection, etc.
SecurityFocus have reported that targeted exploits of this issue have been seen in the wild.


Leave a Reply

Your email address will not be published. Required fields are marked *