Alert Number: 052909-01
Alert Date: 5/29/09
Alert Title: *UNPATCHED* Microsoft DirectShow Vulnerability
Update-to: None.
OS/Platform/Application:
Microsoft Windows XP
Microsoft Server 2003
Microsoft Windows 2000
Category: ALERT
Severity: HIGH
Attention: Windows users, System Administrators, Desktop Support Personnel.
Summary: Microsoft has released a security advisory detailing a new vulnerability in its DirectShow application. DirectShow helps systems play certain types of media files. The vulnerability lies in the way DirectShow interacts with the popular QuickTime media file format. The most likely mechanism of exploitation would be visiting a maliciously crafted website, opening a media file attached to an email, or similar. Successful exploitation could result in complete takeover of a vulnerable computer.
Recommended Actions: At the time of this writing (8:07 AM 5/29/09) no fix is available from the vendor to nullify this threat. The security advisory does provide a number of suggested workarounds including one that involves a simple click-to-install operation that should be suitable for most users. Windows users are encouraged to NOT visit untrusted websites or open/handle files from unknown or untrusted sources until a patch is available and/or to consider implementing one of the workarounds detailed in the security advisory.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Microsoft Security Blog Entry (describes issue and workaround options):
http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx
Microsoft Security Advisory 971778 (includes workarounds):
http://support.microsoft.com/kb/971778
Microsoft Security Advisory 971778 Overview (provides more information on vulnerability, etc.):
http://www.microsoft.com/technet/security/advisory/971778.mspx