Get Must-Have Fix for New Microsoft DirectShow Flaw

**HelenaP** · June 1st, 2009, 07:52 AM

Written by Erik Larkin on May 28, 2009

A critical new zero-day flaw involving Microsoft DirectShow's processing of QuickTime content is under attack, Microsoft reported today.

The flaw in the quartz.dll processor in the DirectShow platform affects Windows XP, 2000, and Server 2003. Windows Vista, Server 2008, and Windows 7 are not affected. Crooks can go after the hole even if you have Apple's QuickTime installed, according to Microsoft.

Also, while opening a malicious QuickTime file could trigger the flaw, it's not required. According to a Microsoft post at its Security Response Center, "a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow." So a drive-by-download--which can execute an attack in the background if you simply visit a malicious page--may be possible.

Read the rest here...

Source~ PC World

**RACKnRAIL** · June 1st, 2009, 08:02 AM

Here's another M$ blunder affecting Mozilla Firefox, I just read about.

Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.

The Microsoft .NET Framework 3.5 Service Pack 1, unleashed in February, forces an undisclosed Firefox extension on Windows users, called “Microsoft .NET Framework Assistant 1.0″, and it does so without asking the users permission.

To add insult to injury, the extension not only injects a serious security vulnerability into Firefox (also present in Internet Explorer), but it disables the uninstall button, meaning the only way to get rid of it, is to edit the Windows registry - a course of action not recommended for your usual non-tech-savvy user, as dabbling in the dark arts of registry editing can open you up to a slew of problems, and potentially kill Windows altogether.

Read Here

**Signa** · June 1st, 2009, 08:45 AM

Yeah, I saw that on P2PC, and fixed it.

**1cooldude** · June 1st, 2009, 10:32 AM

Sabotage may be a strong choice of word, but it immediately came to mind with the news of Microsoft’s latest .NET update.

funny that's the first thing that went through my mind..:hmmm:

**HelenaP** · June 1st, 2009, 04:32 PM

Ye...he's got it like that. :)

**1cooldude** · June 1st, 2009, 04:51 PM

A worthy note regarding all Windows updates is to have some control by choosing the following option: "Notify me but don't automatically install them"

If you have chose the most common option "Automatic (Recommended)" you may consider changing it.

**Signa** · June 1st, 2009, 06:49 PM

Originally Posted by 1cooldude

A worthy note regarding all Windows updates is to have some control by choosing the following option: "Notify me but don't automatically install them"

If you have chose the most common option "Automatic (Recommended)" you may consider changing it.

that's what I have mine set to. Of course the FF issue came from a February update, so it was a little late to not install it. Well, no harm done (yet).