Microsoft confirms limited attacks in the wild

May 29, 2009 11:19 GMT

Windows 7 RC, its precursor Windows Vista, and the R2 and RTM/SP1 releases of Windows Server 2008 are immune to a zero-day vulnerability affecting DirectX on older versions of Windows. The security hole leaves Windows 2000 Service Pack 4, Windows XP (including SP2 and SP3), and Windows Server 2003 open to exploits. The later versions of the Windows client and server operating systems are not affected, since the code containing the flaw was removed in Vista.

Christopher Budd, security response communications lead for Microsoft, confirmed that the company was “aware of limited, active attacks that exploit this vulnerability.” Budd explained that the vulnerable code was contained in the QuickTime parser in Microsoft DirectShow. DirectX 7.0, DirectX 8.1 and DirectX 9.0 are impacted.

“An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed,” Budd stated.

Alongside its disclosure of the zero-day vulnerability, the Redmond company is offering no fewer than three workarounds to protect the affected operating systems against potential exploits. Microsoft Security Advisory (971778) contains the steps that users need to take to protect themselves against attacks. A successful exploit of the DirectShow flaw allows an attacker to perform remote code execution on the victim's computer.

While the company works on a patch to resolve the vulnerability, it is providing end users with an extremely simple and efficient workaround. KB article 971778 contains an automated workaround designed to disable QuickTime parsing. Users simply have to click the Fix It button to render any exploit attempts useless.

“Click on the "Fix this problem" button under "Enable Workaround" in that section. You will then be offered an installer package from the Microsoft website. After you’ve confirmed that you trust the source of this package, run it on your system. The package will automatically set the appropriate registry keys on your system to implement the workaround. When you want to undo the workaround, click on the "Fix this problem" button under "Disable Workaround" in the same section,” Budd added.
