May 30, 2009

Security Alert! Quicktime Vulnerability

Apparently, there is a vulnerability in DirectShow that allows malformed QuickTime media files to be created. These could allow a hacker access to and control over your PC. It affects Windows 2000, Windows XP, and Windows Server 2003. Vista is not affected. MS has issued an advisory with a work around. Also included are "Fix-It" buttons that will install the work around (and uninstall it) automatically.

You should install this patch ASAP. If you have problems with QuickTime, you can easily undo the "fix". From the advisory:

"Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable."

If you are interested in the technical details, they are available in the Microsoft Security Response Center blog:


Computer Repair Nassau County said...

I feel your blog really useful and inspiring me. Thank you.

Hank Arnold (MVP) said...

Thanks for the feedback. nice to hear...

Post a Comment