
Thread: Microsoft warns of DirectX flaw; Vista users unaffected

  1. #1
    roraniel is offline Gold Member
    Join Date
    Oct 2008
    Location
    Pinehurst, NC
    Posts
    860

    Default Microsoft warns of DirectX flaw; Vista users unaffected

    A new vulnerability has been found in DirectX that affects users running Windows 2000, Windows XP, or Windows Server 2003. Microsoft has detailed the flaw and has outlined four workarounds.

    Microsoft has posted Security Advisory 971778 to warn its users that it is investigating public reports of a new vulnerability in Microsoft DirectX (versions 7.0 through 9.0) that hackers are actively exploiting. The vulnerability could allow for remote code execution if a user running Windows 2000, Windows XP, or Windows Server 2003 opens a specially crafted QuickTime media file. The software giant emphasized that all versions of Windows Vista and Windows Server 2008 are not vulnerable. The company also notes that the investigation is ongoing and that it will either provide a security update on Patch Tuesday or issue an out-of-cycle security update if needed.

    Those who are not running the latest version of Windows still have room to breathe since the security advisory outlines four workarounds for the issue. On top of that, Microsoft has created a "Fix it for me" for one of these workarounds, available at KB 971778. Just click the "Fix this problem" link and you're good to go.



    Even without the workarounds, there are two mitigating factors Microsoft describes. The first notes that in a Web-based attack scenario, an attacker has no way to force users to visit a malicious website (trickery is necessary). In short, as long as you are not clicking on suspicious links and following suspicious instructions (an attack could only occur after you do both), you are safe. Furthermore, if an attacker manages to successfully exploit the vulnerability, he or she only gains the same user rights as the local user. Thus, if your user account is configured to have fewer user rights on the system, the impact will be smaller than if your user account has administrative user rights.

    Source: Microsoft warns of DirectX flaw; Vista users unaffected - Ars Technica

  2. #2
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    Thank you..
    I've read about this Security Advisory in one of my favourite blogs.. Corrine's Security Garden, I mean.

    Microsoft Security Advisory 971778 ~ Security Garden


  3. #3
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default

    Thank you, leofelix. I like that Microsoft issued an interim "Fix it".

  4. #4
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    You're welcome, Corrine.
    I noticed "Fix it"; however, I use WinPatrol on my machines running XP, so I'm safe.

  5. #5
    seti is offline Member
    Join Date
    Nov 2008
    Posts
    1,923

    Default

    Yes, Corrine always keeps me up to date as well. I often know things before others because of her Security Garden. So, dear friends, if you aren't in the garden, join now...the roses are lovely (he he)
