Skip to main content

Microsoft's DirectX Hit By Zero-day Remote Code Execution Bug

Microsoft has issued a security advisory to notify users about an unpatched vulnerability in Microsoft DirectX which is being exploited by hackers to perform remote code execution on victims' computers.

In a Security Bulletin posted on its website, the software maker alerts about a critical flaw in the quartz.dll library, which comes integrated with DirectX and performs parsing of the QuickTime format video files.

The vulnerability reportedly affects all the iterations prior to Windows Vista, including Windows XP as well as Windows 2000 Service Pack 4 (SP4). Along with this, Server versions prior to Windows Server 2008 are also said to be affected by the flaw.

Cybercriminals are using maliciously crafted QuickTime files to seize control over PCs. Quoting the same, Microsoft said in a statement, “The vulnerability could allow remote code execution if [the] user opened a specially crafted QuickTime media file”.

Elaborating on the issue, a spokesperson for Microsoft Security Response Centre (MSRC) Christopher Budd asserted that QuickTime itself isn't vulnerable, but its parsing component, tagged as DirectShow, carries the critical bug.

Until a complete security patch is available, users can safeguard their PCs by disabling the QuickTime parsing, which can be achieved by editing the Windows registry. Users can disable the QuickTime parsing by clicking on to “Fix It” option.

You can follow ITProPortal.com on Twitter@itproportal.

Our Comments

DirectX is one of the more arcane sets of code within Microsoft's Windows Operating System and could well attract hackers and cybercriminals due to the fact that its code is present in its original form in all current versions of Windows excluding Windows 7.

Related Links

Microsoft: DirectX vulnerability allows remote code execution

(Product Reviews)

Microsoft Warns About DirectX Exploit

(Tom's Hardware)

Hackers exploit unpatched Windows bug

(Computerworld Australia)

DirectX suffers zero-day vuln

(Bit-Tech.Net)

Microsoft reports high-risk vulnerability in DirectX

(Beta News)

Microsoft issues advisory for vulnerability in Microsoft DirectShow

(Secure Computing)

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.