Microsoft Zero-Day DirectX Flaw

Vulnerability Details

Microsoft has reported a critical new vulnerability in Microsoft DirectX affecting older versions of Windows. The vulnerability could allow remote code execution if a user opens a rogue QuickTime media file. Microsoft reports limited, active attacks that use this exploit code.

The vulnerability exists in the way a DirectX application programming interface known as DirectShow handles supported QuickTime files. By manipulating the format, attackers can gain the same system privileges assigned to the logged-in user. The Microsoft Security Advisory states: “If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Affected Software

• Windows 2000 Service Pack 4
• Windows XP
• Windows Server 2003

All versions of Windows Vista, Windows Server 2008, and the beta version of Windows 7 are NOT vulnerable. In addition, Apple’s Quick Time player is NOT affected.

Please consult the official Microsoft Security Advisory for details on workarounds, fixes and patch availability.

Workaround

Microsoft has issued a workaround that disables the automatic QuickTime parsing on machines running Window 2000, Windows XP or Windows Server 2003.

Recommendations

Keep your anti-virus products up-to-date with the current pattern files.

W32.SillyFDC.BBM - SecurityOrb.com Security Advisory

Discovered: March 30, 2009
Updated: March 30, 2009 5:45:58 AM
Type: Worm
Infection Length: 26,624 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

W32.SillyFDC.BBM is a worm that spreads by copying itself to removable drives.

Protection

* Initial Rapid Release version March 29, 2009 revision 055
* Latest Rapid Release version March 29, 2009 revision 055
* Initial Daily Certified version March 30, 2009 revision 002
* Latest Daily Certified version March 30, 2009 revision 002
* Initial Weekly Certified release date April 1, 2009

Threat Assessment
Wild

* Wild Level: Low
* Number of Infections: 0 - 49
* Number of Sites: 0 - 2
* Geographical Distribution: Low
* Threat Containment: Easy
* Removal: Easy

Damage

* Damage Level: Low

Distribution

* Distribution Level: Medium
* Target of Infection: Removable drives

Microsoft Security Advisory Notification - February 24, 2009

********************************************************************

Title: Microsoft Security Advisory Notification
Issued: February 24, 2009
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (968272)
- Title: Vulnerability in Microsoft Office Excel
Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/968272.mspx
- Revision Note: Advisory published
* Microsoft Security Advisory (967940)
- Title: Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
- Revision Note: Advisory published


Other Information
=================

Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious Web sites. Microsoft does
not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, it is not required to read
security notifications, security bulletins, security advisories, or
install security updates. You can obtain the MSRC public PGP key at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security
Bulletins and Microsoft Security Advisories are issued or revised,
subscribe to Microsoft Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft Security Advisory Notification - Dec. 30, 2008

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: December 30, 2008
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (961509)
- Title: Research proves feasibility of collision
attacks against MD5
- http://www.microsoft.com/technet/security/advisory/961509.mspx
- Revision Note: Advisory published