QuickTime, QuickTime
By Elinor Mills
Published: 10 July 2009 08:46 GMT
Microsoft said on Thursday it will issue six security updates on Patch Tuesday next week, including a critical one that will fix two outstanding holes in DirectX that have been targeted in attacks.
In May, Microsoft announced that there had been attacks against a DirectX vulnerability that could allow someone to take complete control of a computer using a maliciously crafted QuickTime file.
Earlier this week, Microsoft warned of attacks being launched that exploit a hole in the Video ActiveX Control when used in Internet Explorer for recording and playing video in DirectShow. Microsoft offered a workaround on Monday for that hole, which reportedly it had known about since last year.
The ActiveX control vulnerability was likely independently rediscovered by malicious hackers or leaked through the Microsoft Active Protection Program which the company uses to share early security information with third-party vendors, according to a statement from security firm Rapid7.
A Microsoft spokeswoman said in a statement: "Microsoft received the original, private report from Ryan Smith and Alex Wheeler with IBM ISS X-Force in the early Spring of 2008. The company did not share any information with MAPP partners about the reported Video ActiveX Control vulnerability until immediately before the advisory posting on Monday."
The critical vulnerabilities affecting various Windows versions all could allow an attacker to run code remotely, while one of the non-critical holes involving Virtual PC and Virtual Server would allow remote code execution and the other non-critical holes could allow elevation of privilege.
Affected software for the critical updates is Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and 2008. The versions of Direct X affected are DirectX 7.0, 8.1 and 9.0.
The non-critical updates affect 2007 Microsoft Office System Service Pack 1, Microsoft Internet Security and Acceleration Server 2006, Microsoft Virtual PC 2004 and 2007, and Microsoft Virtual Server 2005 R2.
Original article: DirectX targeted in Microsoft security updates from CNET News.com
Microsoft fingers thumb drives for Windows 7 netbooks
NHS records, Google and Microsoft: Where do you want your data?
Microsoft, EU 'in talks' to settle antitrust probes
Microsoft Office, Windows get critical flaw fixes in latest patch batch
Microsoft releases emergency patch to plug critical ActiveX hole
You will have a key role in the setup, configuration, and ongoing management of Linux and Windows server (including virtual infrastructure), ...
Exchange, Citrix, Net backups, AD (security), clustering (Veritas), Sharepoint, Altiris, Entreprise Vault, McAfee, Quest Foglight, VMWare (ESX ...
Virtualisation Engineer (Windows / VMWare / Xen) to 35K Position: Virtualisation Engineer (Windows) / Windows Engineer (MCSE 2003 / 2008) Location: ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...
Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech