
Zero Day Vulnerability in Microsoft DirectX 9

Severity: High

28 May, 2009

Summary:

§ This vulnerability affects: Microsoft DirectX 9.0 and earlier versions (does not affect DirectX 10)

§ How an attacker exploits it: By enticing your users into downloading and playing a malicious Quicktime movie, or into visiting a malicious web page

§ Impact: An attacker can execute code on your computer, potentially gaining control of it

§ What to do: Implement the workarounds described in the Solution Path section of this alert

Exposure:

Today, Microsoft released a security advisory warning of a serious unpatched DirectX vulnerability, which attackers have already begun exploiting on the Internet. The vulnerability affects DirectX 9.0 (and earlier versions) running on Windows 2000, XP and Server 2003 computers. It does not seem to affect DirectX 10 running on Windows Vista or Server 2008 computers.

Since Microsoft just learned about this flaw, they don’t describe it in much technical detail. They only say the flaw involves the way DirectShow (a component of DirectX) handles specially crafted Quicktime files. However, the advisory does tell how attackers can leverage the flaw. By enticing one of your users into downloading and opening a malicious Quicktime movie, or into visiting a malicious web page, an attacker can exploit this vulnerability to execute code on a victim’s computer, inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

With attackers actively exploiting this vulnerability in the wild, it poses a significant threat to Windows 2000, XP, and Server 2003 users. We recommend you implement the workarounds described below to mitigate the risk of this dangerous zero day attack.

Solution Path:

Microsoft has not had time to release a full patch for this zero day vulnerability. However, they have released a "Fix it" workaround that will disable DirectX’s ability to handle Quicktime files. If you don’t mind disabling Quicktime file handling in Windows, we recommend you apply this "Fix it" workaround until Microsoft releases their final patch. The workarounds described below can also help mitigate the risk of this zero day vulnerability:

1. Inform your users of this vulnerability. Advise them to remain wary of unsolicited Quicktime (.mov) movies. If they don’t absolutely need to view a Quicktime movie, and don’t fully trust the entity it came from, they should avoid watching it until Microsoft releases a patch.

2. Use up-to-date antivirus (AV) software. AV companies are sure to release signatures that detect these malicious Quicktime files. Make sure to update your AV regularly.

3. Use a gateway device, like your Firebox, to block Quicktime files. If your users can’t download Quicktime files, this exploit won’t affect them. Unfortunately, doing this blocks legitimate Quicktime files as well. Nonetheless, depending on your business needs, you may still consider blocking Quicktime files until Microsoft releases a patch.
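For the gateway blocking in step 3, a filter that looks only at the .mov extension misses a movie that has been renamed. The sketch below is an added example, not part of the original alert or of any WatchGuard product: it recognises QuickTime content from the atom headers at the start of the file. The function names, the atom list and the sample byte strings are assumptions made for illustration.

```python
import struct

# Atom types that can legitimately open a QuickTime/ISO media file (assumed list).
TOP_LEVEL = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot"}
BLOCKED_EXTENSIONS = (".mov", ".qt")

def walk_atoms(data, limit=16):
    """Yield (type, payload) for each top-level atom; stop at the first bad header."""
    offset = 0
    for _ in range(limit):
        if offset + 8 > len(data):
            return
        size, kind = struct.unpack_from(">I4s", data, offset)
        header = 8
        if size == 1:                      # 64-bit size follows the type field
            if offset + 16 > len(data):
                return
            size = struct.unpack_from(">Q", data, offset + 8)[0]
            header = 16
        elif size == 0:                    # atom runs to end of file
            size = len(data) - offset
        if size < header:
            return
        yield kind, data[offset + header:offset + size]
        offset += size

def classify(data):
    """Return 'quicktime', 'iso-media' or 'other' from the leading bytes."""
    atoms = list(walk_atoms(data))
    if not atoms or atoms[0][0] not in TOP_LEVEL:
        return "other"
    for kind, payload in atoms:
        if kind == b"ftyp":
            # major brand, minor version, then compatible brands (4 bytes each)
            brands = {payload[0:4]} | {payload[i:i + 4] for i in range(8, len(payload), 4)}
            return "quicktime" if b"qt  " in brands else "iso-media"
    return "quicktime"                     # no ftyp: classic QuickTime layout

def should_block(filename, data):
    """Block on extension or on content, so a renamed movie is still caught."""
    return filename.lower().endswith(BLOCKED_EXTENSIONS) or classify(data) == "quicktime"

# Constructed sample inputs (not real captures).
QT_MOVIE = struct.pack(">I4s4sI4s", 20, b"ftyp", b"qt  ", 0, b"qt  ") + struct.pack(">I4s", 8, b"moov")
MP4_FILE = struct.pack(">I4s4sI4s4s", 24, b"ftyp", b"isom", 0, b"isom", b"mp42")
CLASSIC_QT = struct.pack(">I4s", 8, b"wide") + struct.pack(">I4s", 0, b"mdat") + b"\x00" * 8
PNG_FILE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
```

Only the first few hundred bytes of a download or attachment are needed for this check, so it can run on a buffered prefix rather than the whole file.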

We will update this alert when Microsoft releases a patch.

Courtesy of WatchGuard

