05-29-2009 12:40 AM
Microsoft has Released an Out-of-Cycle Security Bulletin and Workarounds that Address a Serious Flaw Affecting Microsoft DirectX. DirectShow is prone to a Vulnerability that can lead to Code Execution when a Specially-Crafted QuickTime Media File is Viewed. This Vulnerability is being Exploited In-the-Wild in Limited Attacks.
For more information, see the following:
New Vulnerability in quartz.dll Quicktime Parsing:
Microsoft Security Advisory (971778):
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution: http://www.microsoft.com/technet/security/advisory
05-29-2009 12:52 AM
Why has the Symantec Internet Threat Meter not been Updated with this Information?
05-29-2009 03:25 PM - edited 05-29-2009 03:25 PM
To All Users who have not Applied the Workarounds: Please do so as soon as possible. And let Family and Friends know!
05-29-2009 04:20 PM
Microsoft has made implementing the workarounds easy, even for the computer-challenged, by offering a "fix-it" button that will run a wizard to effect the necessary registry changes. It can be found at this Microsoft Security Advisory page.
05-29-2009 06:07 PM
Hi all -
Just a tidbit from Microsoft -
"Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
In other words, expect the fix to be pushed out automatically on Windows Update.
NIS 2009, XP-SP3, Vista-SP2, IE 8
05-29-2009 06:13 PM
05-30-2009 08:08 AM
Be very careful about one of the workarounds offered by Microsoft. I chose the command line option of modifying quartz.dll.
I did this last night.
This morning I got a MS Update ready-to-install message for KB961373.
I let it install in the background.
Then two minutes later I got the same message again.
This time I watched the install. Unsuccessful!
I won't drag you through everything I tried, one of which was uninstalling KB961373 using ADD/REMOVE. It had been installed back in April; but I uninstalled it, hoping that the new install would take, which it didn't.
Finally, I worked out after looking at info on this item that it was related to Quartz.dll, which is what the current workaround I had applied was dealing with.
Using the undo option on the same MS page, I was then able to have a successful installation of KB961373 and my heart's pounding is greatly reduced.
Once I am calm enough, I may try the buttons option given in a later post by SOJ.
05-30-2009 07:06 PM
I tried the "Fix It" button to enable the workaround and it failed to make any registry changes. Also, I was still able to view QuickTime movies.
Thanks to mijcar posting his experience, I don't think I'll take the command line route.
Anyone else have success with it?
Norton 360 • Norton Internet Security • Norton Zone | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •
05-30-2009 08:08 PM
There are several workarounds. The one the "fix it" button implements deletes the following registry key in 32-bit systems:
Copy and paste this into regedit's "find" field, and if the search comes up empty, the fix worked.
I believe you are still able to view QuickTime movies because this only affects the vulnerability in DirectShow, at least as I understand this explanation of the fix in this TechNet blog:
#1: Disable Quick Time Parsing in Quartz.dll by deleting the following registry key:
This is the best workaround because it’s the most surgical. It only disables QuickTime Parsing in DirectShow. DirectShow's other functionality is not affected. This workaround covers all known attack vectors. Therefore, if you are not concerned about QuickTime content playback via DirectShow, this is the workaround we recommend you apply
But I did have some trouble running the wizard online as it reported it could not find a necessary file it had placed in a temp folder on my machine. I had to save the fix to my hard drive and then run it. So it was not without glitch.