New DirectX Attack in the Wild

Ralph DeFrangesco

Microsoft has released a security advisory warning that a vulnerability has been found in DirectX. The good news -- we have to take all we can get here -- is that it affects only Windows XP, 2003 Server and older versions of the OS.


The vulnerability is with the QuickTime Movie Parser Filter that DirectShow uses to process files with the quartz.dll file. Specifically, the vulnerability could allow remote code execution if the attacker opened a specially crafted QuickTime media file. The attacker could then gain the same rights as the local user. There is no patch for the vulnerability yet, however Microsoft has published three workarounds:


  • Disable the parsing of QuickTime content in quartz.dll
  • Modify the access control list on quartz.dll
  • Unregister quartz.dll


I personally recommend unregistering quartz.dll as this is a much cleaner way to deal with it. In addition, a policy can be created to unregister the dll making it totally automated if you manage a large environment.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.