View Full Version : Get Must-Have Fix for New Microsoft DirectShow Flaw



HelenaP
June 1st, 2009, 07:52 AM
Written by Erik Larkin on May 28, 2009

A critical new zero-day flaw involving Microsoft DirectShow's processing of QuickTime content is under attack, Microsoft reported today.


The flaw in the quartz.dll processor in the DirectShow platform affects Windows XP, 2000, and Server 2003. Windows Vista, Server 2008, and Windows 7 are not affected. Crooks can go after the hole even if you have Apple's QuickTime installed, according to Microsoft.

Also, while opening a malicious QuickTime file could trigger the flaw, it's not required. According to a Microsoft post (http://blogs.technet.com/msrc/archive/2009/05/28/microsoft-security-advisory-971778-vulnerability-in-microsoft-directshow-released.aspx) at its Security Response Center, "a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow." So a drive-by-download--which can execute an attack in the background if you simply visit a malicious page--may be possible.

Read the rest here...

Source~ PC World (http://www.pcworld.com/article/165705/musthave_fix_for_new_underattack_microsoft_flaw.html?tk=nl_wvx_h_cbintro)

RACKnRAIL
June 1st, 2009, 08:02 AM
Here's another M$ blunder affecting Mozilla Firefox, I just read about.

Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.

The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 1.0”, and it does so without asking the user's permission.

To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, meaning the only way to get rid of it, is to edit the Windows registry - a course of action not recommended for your usual non-tech-savvy user, as dabbling in the dark arts of registry editing can open you up to a slew of problems, and potentially kill Windows altogether.

Read Here (http://startupearth.com/2009/05/31/microsoft-sabotaging-firefox-with-sneaky-net-updates/)

Signa
June 1st, 2009, 08:45 AM
Yeah, I saw that on P2PC, and fixed it.

1cooldude
June 1st, 2009, 10:32 AM
Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.

Funny, that's the first thing that went through my mind.. :hmmm:

HelenaP
June 1st, 2009, 04:32 PM
Ye...he's got it like that. :)

1cooldude
June 1st, 2009, 04:51 PM
A worthy note regarding all Windows updates is to have some control by choosing the following option: "Notify me but don't automatically install them"

If you have chosen the most common option "Automatic (Recommended)" you may consider changing it.

Signa
June 1st, 2009, 06:49 PM
A worthy note regarding all Windows updates is to have some control by choosing the following option: "Notify me but don't automatically install them"

If you have chosen the most common option "Automatic (Recommended)" you may consider changing it.

That's what I have mine set to. Of course the FF issue came from a February update, so it was a little late to not install it. Well, no harm done (yet).

nadernet
June 12th, 2009, 12:12 PM
I fixed it.
Thanks