OS/Platform/Application:

Microsoft Windows

Category: ALERT
Severity: HIGH
Attention: Windows users, System Administrators, Desktop Support Personnel

Summary: Internet Security resources are reporting the existence of a new vulnerability in Microsoft's DirectShow application.  DirectShow helps systems play certain types of media files.  Details on the vulnerability are sparse at this time but the most likely mechanism of exploit is the visitation of a maliciously-crafted website.  At the time of this writing (9:00 AM 7/6/09) no Microsoft security advisory or patch is available to address this vulnerability.  It is important to note that active exploitation of the vulnerability is reportedly occurring at this time on the public Internet.

Recommended Actions: Specific details about the vulnerability (including affected versions of Microsoft Windows and Internet Explorer, etc) are not complete at this time - different resources are reporting different details in some cases.  In any event, Microsoft Windows users and system administrators are encouraged to update their antivirus software as soon as possible and to avoid visiting untrusted websites, website links sent in unsolicited email messages, etc. 

NOTE FOR SYSTEM ADMINISTRATORS:  The SANS ISC Diary entry for this issue (below) includes details of a workaround.  It is unknown at this time if the workaround will be endorsed or recommended by Microsoft when an advisory is released for the vulnerability.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Symantec Advisory:
http://www.symantec.com/connect/blogs/let-celebration-come-end

VUPEN Advisory:
http://www.vupen.com/english/advisories/2009/1787

SANS ISC Diary Entry:
http://isc.sans.org/diary.html?storyid=6733