By Brian Livingston
A flaw in Microsoft’s DirectShow technology, which lets a malicious Web site infect a visitor’s PC, remains uncorrected in the Redmond company’s Patch Tuesday updates this week.
Fortunately, you can visit a Microsoft Knowledge Base article for a workaround that will close the hole, at the expense of disabling some QuickTime functionality.
Use a one-button DirectShow fix or Registry edit
Microsoft announced in its May 28 security advisory 971778 that a weakness in DirectShow was being actively exploited by some Web sites. The Redmond company revealed in a notice last week, however, that it would not have a patch ready for distribution by this month’s Patch Tuesday on June 9. That means you remain at risk whenever your PC parses a maliciously crafted QuickTime file, whether you open it yourself or a Web page delivers it.
According to Microsoft, the hole affects Windows 2000, XP, and Windows Server 2003 but doesn’t affect Vista or Windows Server 2008. Because users of the vulnerable operating systems could be silently infected simply by visiting a malicious Web site, I recommend that you put the workaround in place on all affected machines.
Microsoft provides an easy “Fix it” button in KB article 971778. Clicking this button and running the small installer it downloads applies the workaround, which closes the hole but also disables DirectShow’s automatic parsing of QuickTime audio and video files. Note that the flaw is in Microsoft’s own QuickTime parser inside DirectShow, so a PC is exposed whether or not Apple’s QuickTime player is installed.
The article also describes a Registry edit that will accomplish the same end. For a single PC, I see little reason to undertake manual editing when a one-button solution is available; the Registry edit is mainly useful if you administer many machines and want to script the change. The same article also includes a “reverse Fix it” button that will undo the workaround in case you desperately need to restore the broken QuickTime function.
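For administrators who would rather script the change than click a button on every PC, here is the manual equivalent of the Fix it, written as a cmd batch file for the XP and Server 2003 era. This is an added example, not code from the article or from Microsoft: it backs up the Registry key, deletes it, verifies that it is gone, and can reverse itself from the backup. The CLSID is the QuickTime parser key that Microsoft Security Advisory 971778 tells you to delete; confirm it against the advisory before deploying, and treat the backup path as an assumption you can change.

```batch
@echo off
rem Added example (not from the Windows Secrets article or from Microsoft):
rem scriptable equivalent of the KB 971778 workaround, with backup and undo.
rem Usage:  qtparser.cmd        (apply workaround)
rem         qtparser.cmd undo   (restore QuickTime parsing from the backup)

rem CLSID of the DirectShow QuickTime parser named in advisory 971778.
rem Assumption: verify this value against the advisory before rolling it out.
set KEY=HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

rem Backup location is an assumption; any path writable by an administrator works.
set BACKUP=%SystemRoot%\qtparser-backup.reg

if /i "%1"=="undo" goto undo

rem 1. Export the key first so the change can be reversed.
rem    (Delete any stale file: XP's reg export has no overwrite switch.)
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Key not found or export failed; nothing was changed.
    exit /b 1
)

rem 2. Delete the key. Without it, DirectShow cannot load the QuickTime parser,
rem    so a crafted .mov file delivered by a Web page is no longer parsed.
reg delete "%KEY%" /f

rem 3. Verify: reg query returns a non-zero errorlevel once the key is gone.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Workaround applied: QuickTime parser disabled. Backup in %BACKUP%
    exit /b 0
)
echo Key is still present; check that you are running as an administrator.
exit /b 1

:undo
rem Reverse the workaround by re-importing the saved key.
if not exist "%BACKUP%" (
    echo No backup found at %BACKUP%; cannot undo.
    exit /b 1
)
reg import "%BACKUP%"
if errorlevel 1 (
    echo Import failed; QuickTime parsing is still disabled.
    exit /b 1
)
echo Workaround reversed: QuickTime parsing restored.
exit /b 0
```

Run it from an administrator command prompt; the backup and deletion both need write access to HKEY_CLASSES_ROOT. On x64 editions of Server 2003, also check the same CLSID under the Wow6432Node view of the Registry, because a 32-bit browser loads the 32-bit DirectShow components registered there. reg.exe is part of XP and Server 2003 but may not be present on a default Windows 2000 install, where a .reg file applied with regedit /s does the same job.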