Zero-day vulnerability in Microsoft DirectShow


Critical
The SANS Internet Storm Center is reporting that hackers are exploiting a zero-day flaw in msvidctl.dll, the Microsoft Video ActiveX control that ships as part of Microsoft DirectShow, to infect computer users who visit compromised legitimate websites.

The flaw makes this a drive-by download: simply visiting an affected website with a vulnerable Windows computer is enough for hackers to silently install code on it, with no prompt and nothing for the user to click. What's worse is that there is no official patch yet from Microsoft for the problem.

As the flaw is being reached through Internet Explorer, which loads the vulnerable ActiveX control on behalf of the web page, some users may feel more comfortable using non-Microsoft web browsers until a fix is available. (Of course, other browsers may have any number of flaws of their own - it's not as if there is any 100% secure web browser.)

The good news for Sophos customers is that our anti-virus products detect samples of the exploit seen in circulation as Exp/VidCtl-A.

One has to wonder if the hackers intentionally timed their attack to coincide with the USA's weekend of independence festivities. Is it possible that they were hoping many people would be caught off their guard by this?

More information, albeit in Danish (hey, that's why Google Translate exists, right?), is available from the website of the CSIS Security Group. Included on the page is information about how to adjust your Windows Registry to mitigate the problem.

Update: Microsoft has published an advisory describing the vulnerability, suggesting that customers prevent the Microsoft Video ActiveX Control from running in Internet Explorer.

Details of how to do this are described on Microsoft's website.
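The mitigation Microsoft describes is the Internet Explorer "kill bit": a registry value that tells IE never to instantiate a given ActiveX control, identified by its CLSID. The following is an added example, not Microsoft's own tooling or anything from the original post, showing how an administrator could apply and verify the kill bit from an elevated PowerShell session. The CLSID in the usage section is an assumption for illustration only; take the full list of CLSIDs from Microsoft's advisory, which is the authority on which ones the control registers, and pass every one of them.

```powershell
# Added example: set and verify the Internet Explorer "kill bit" for an ActiveX control.
# Run from an elevated (Administrator) PowerShell session. Written to work on the
# PowerShell 2.0 that shipped for Windows XP / Server 2003, hence Mandatory=$true.

# 0x400 is the documented "kill bit" compatibility flag: IE will not load the control.
$KillBit = 0x400

function Set-IEKillBit {
    param([Parameter(Mandatory=$true)][string[]]$Clsid)
    foreach ($id in $Clsid) {
        $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$id")
        # On 64-bit Windows the 32-bit IE reads the Wow6432Node view as well.
        if (Test-Path "HKLM:\SOFTWARE\Wow6432Node") {
            $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$id"
        }
        foreach ($p in $paths) {
            if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
            # OR the kill bit into whatever flags are already present rather than overwriting them.
            $current = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
            $new = ([int]$current) -bor $KillBit
            Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value $new -Type DWord
        }
    }
}

function Test-IEKillBit {
    param([Parameter(Mandatory=$true)][string]$Clsid)
    $p = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ((([int]$flags) -band $KillBit) -eq $KillBit)
}

# Usage. The CLSID below is an illustrative assumption: replace it with the complete
# list from Microsoft's advisory, since the control registers more than one CLSID.
$clsids = @('{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}')
Set-IEKillBit -Clsid $clsids
foreach ($c in $clsids) {
    "{0} kill bit set: {1}" -f $c, (Test-IEKillBit -Clsid $c)
}
```

Setting the kill bit does not remove or repair msvidctl.dll; it only stops Internet Explorer from loading the control, so a later patch from Microsoft is still needed. Because the value is OR-ed rather than overwritten, any compatibility flags an application already set for the control are preserved.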

Windows XP and Windows Server 2003 users are said to be affected.

It will obviously be interesting to see how quickly Microsoft can release a patch for this serious flaw, as there will undoubtedly be many hackers champing at the bit to take advantage of this vulnerability.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.