A few Zero Day Exploits in the wild — Heads up

Several security vendors are reporting that ActiveX and DirectShow exploits are out in the wild.

The DirectShow file in question is: msvidctl.dll

[A work around to prevent this]

It involves an ActiveX control called the Microsoft Streaming Video control, and there is no workaround that I know of just yet. Microsoft is aware of these exploits, but we don't know when they will release the patches.
These flaws mean that if you visit an infected site you will most likely install software that you really don't need or want. You should be cautious where you go, especially on Chinese servers, because some of them are reporting that they have seen an overnight bloom of sites that have these exploits in place.

People should take care and install anti-virus and firewalls; even the free ones are the best choices right now to defend against these types of attacks. You should also make sure you have the updated virus definitions and the latest version of the AV program.

It is also suggested that users not use Internet Explorer, to prevent some of these exploits, but take care and install a good browser; I would suggest Firefox to better protect your computer from some of these exploits.

Microsoft Issues a Security Advisory KB971778

Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution

http://support.microsoft.com/kb/971778

The systems that are vulnerable are Windows 2000, Windows XP or Windows Server 2003. I like this new way Microsoft is helping the less educated. They now have a Fix it button on the site. This Fix it button makes a registry change to their system. It does all the work for the end user. The corporate field, though, will have to modify the registry their own way.

It looks like Microsoft is thinking of making this more user friendly. Here is how to do a manual registry fix for your computer:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkeys in the registry:

    • For 32-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

  3. On the File menu, click Export.
  4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

    Note By default, this will create a backup of this registry key in the My Documents folder.

  5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
  6. Exit Registry Editor.

This will fix the problem until Microsoft has come out with a patch.  If you are not comfortable doing it this way, you can always go hit the fix it button to have it do it automatically.  This will help prevent someone from using this exploit!!
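For administrators who have to apply manual steps 1 to 6 on many machines, here is a scripted form of the same backup-then-delete procedure. It is an added example, not Microsoft's Fix it package or code from the advisory. It assumes reg.exe is available and an administrator command prompt; the `BACKUP_DIR` location and the second backup file name are assumptions.

```bat
@echo off
setlocal
rem Added example: scripted form of manual steps 1-6 (not Microsoft's Fix it).
rem Assumptions: reg.exe is on the PATH, the prompt has administrator rights,
rem and BACKUP_DIR matches the XP / Server 2003 profile layout.
set "CLSID={D51BD5A0-7548-11CF-A520-0080C77EF58A}"
set "BACKUP_DIR=%USERPROFILE%\My Documents"
set "FAILED=0"

call :disable "HKCR\CLSID\%CLSID%" "Quicktime_Parser_Backup.reg"
rem The Wow6432Node key exists only on 64-bit Windows; it is skipped elsewhere.
rem The second backup file name is constructed for this example.
call :disable "HKCR\Wow6432Node\CLSID\%CLSID%" "Quicktime_Parser_Backup_Wow6432.reg"

exit /b %FAILED%

:disable
rem %~1 = registry key to remove, %~2 = backup file name
reg query "%~1" >nul 2>&1
if errorlevel 1 (
    echo [skip] %~1 is not present
    goto :eof
)
rem Never overwrite an earlier backup: it may be the only copy of the key.
if exist "%BACKUP_DIR%\%~2" (
    echo [stop] Backup %~2 already exists, key left in place
    set "FAILED=1"
    goto :eof
)
reg export "%~1" "%BACKUP_DIR%\%~2" >nul
rem Delete only after the backup file is confirmed on disk.
if not exist "%BACKUP_DIR%\%~2" (
    echo [stop] Export of %~1 failed, key left in place
    set "FAILED=1"
    goto :eof
)
reg delete "%~1" /f >nul
if errorlevel 1 (
    echo [fail] Could not delete %~1
    set "FAILED=1"
    goto :eof
)
echo [done] %~1 deleted, backup saved as %~2
goto :eof
```

The script exits with 1 if any key could not be backed up or deleted, so a deployment tool can flag that machine. To undo the change once a patch is installed, import the saved .reg file with `reg import`.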