ITS Homepage Click here for text version of ITS homepage
Contact UAlbany Directories Calendars & Schedules Visitors Site Index Search
Admissions Academics Research IT Services Libraries Athletics
alerts_tag
Microsoft issues advisory for DirectShow vulnerability


ALARM Group ALERT - click for a description of ALARM, The Computing Alert System


Alert Number: 070709-01
Alert Date: 07/7/09
Alert Title: Microsoft issues advisory for DirectShow vulnerability
Update-to: 070609-01 "*UNPATCHED* vulnerability in Microsoft DirectShow"

OS/Platform/Application:

Microsoft Windows XP
Microsoft Server 2003

Category: ALERT
Severity: HIGH
Attention: Windows users, System Administrators, Desktop Support Personnel

Summary: Microsoft has released a security advisory for a recently-discovered DirectShow/Video ActiveX Control vulnerability.  This vulnerability was originally reported in ALARM alert 070609-01.  The Security advisory provides clarification on the vulnerability, affected and unaffected software versions, and methods of attack.  The advisory also confirms previous reports of active exploitation occurring at this time on the Internet.

The advisory states that a patch is currently in development to fix this issue.  In the meantime, Microsoft has provided a workaround measure to limit the possibility of exposure for vulnerable computers.  Although only certain versions of Windows (Windows XP and Server 2003) are confirmed to be vulnerable, Microsoft is recommending that ALL versions of Windows (e.g., Vista, Server 2008) implement the workaround as part of a comprehensive and preemptive security measure.

Recommended Actions: Microsoft has provided an automated "Fix it for me" method of implementing the workaround (best for end users) as well as instructions for manual installation (ideal for system administrators).  Windows users/Administrators are encouraged to consider implementing the most appropriate method of workaround at their earliest convenience.  Information on the workarounds is available in the Security Advisory (Links provided below).  Users are cautioned to not click on web links enclosed in emails, instant messages, etc and to use extreme caution in viewing untrusted websites until the workarounds are installed on their computers.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Microsoft Knowledge base article (includes links for workarounds):
http://support.microsoft.com/kb/972890

Microsoft Security Advisory (provides detailed explanation of vulnerability):
http://www.microsoft.com/technet/security/advisory/972890.mspx

ALARM Alert 070609-01 (initial info about the vulnerability):
http://www.albany.edu/its/alerts_archive_2009_4048.htm

 
 

BLANKABCDEFGHIJKLMBLANK
BLANKNOPQRSTUVWXYZBLANK
CHOOSE FROM the ITS Site Index

GO TO an ITS Group

Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
  		University at Albany Home Page
Contact UAlbany | Directories | Calendars | Visitors | Site Index | Search
Admissions | Academics | Research | IT Services | Libraries | Athletics
Internet Privacy Policy              IT Policies