Zero-day vulnerability in Microsoft DirectShow


The SANS Internet Storm Center is reporting that hackers are exploiting a zero-day flaw in the msvidctl.dll component of Microsoft DirectShow to infect computer users visiting compromised legitimate websites.

The flaw means that if you visit an affected website, hackers could silently install code onto your Windows computer. What’s worse is that there is no official patch yet from Microsoft for the problem.

Because it is Internet Explorer that is affected, some users may feel more comfortable using non-Microsoft web browsers until a fix is available. (Of course, other browsers may have any number of flaws of their own; it’s not as if there is any 100% secure web browser.)

The good news for Sophos customers is that our anti-virus products detect samples of the exploit seen in circulation as Exp/VidCtl-A.

One has to wonder if the hackers intentionally timed their attack to coincide with the USA’s weekend of independence festivities. Is it possible that they were hoping many people would be caught off guard by this?

More information, albeit in Danish (hey, that’s why Google Translate exists, right?), is available from the website of the CSIS Security Group. Included on the page is information about how to adjust your Windows Registry to mitigate the problem.

Update: Microsoft has published an advisory describing the vulnerability, suggesting that customers prevent the Microsoft Video ActiveX Control from running in Internet Explorer.

Details of how to do this are described on Microsoft’s website.
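
Internet Explorer is normally stopped from loading an ActiveX control with a registry "kill bit", and the PowerShell below audits and sets one. It is an added example, not code from Microsoft or from this post; it assumes the mitigation is applied as a kill bit, and the CLSID shown is a placeholder to be replaced with the class identifiers listed in Microsoft's advisory.

```powershell
# Added example: audit (and optionally set) the IE kill bit for ActiveX CLSIDs.
# PLACEHOLDER CLSID: substitute the identifiers from Microsoft's advisory.
$Clsids = @('{00000000-0000-0000-0000-000000000000}')

$KillBit = 0x400   # bit in "Compatibility Flags" that blocks instantiation in IE
# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so check both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string[]]$Clsid, [string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # view absent on 32-bit Windows
        foreach ($c in $Clsid) {
            $key   = Join-Path $r $c
            $flags = $null
            if (Test-Path -LiteralPath $key) {
                $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
                if ($prop) { $flags = $prop.'Compatibility Flags' }
            }
            New-Object PSObject -Property @{
                Key        = $key
                Flags      = $flags
                KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
            }
        }
    }
}

function Set-KillBit {
    param([string[]]$Clsid, [string[]]$Root)
    foreach ($state in (Get-KillBitState -Clsid $Clsid -Root $Root)) {
        if ($state.KillBitSet) { continue }                  # already mitigated
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        # OR the bit in so any other compatibility flags already present survive.
        $new = ([int]$state.Flags) -bor $KillBit
        Set-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

# Report current state; uncomment the second line (elevated prompt) to apply.
Get-KillBitState -Clsid $Clsids -Root $Roots | Format-Table Key, Flags, KillBitSet -AutoSize
# Set-KillBit -Clsid $Clsids -Root $Roots
```

Running the audit across a fleet before and after deployment shows which machines still lack the mitigation; Internet Explorer must be restarted for a newly set kill bit to take effect.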

Windows XP and Windows Server 2003 users are said to be affected.

It will obviously be interesting to see how quickly Microsoft can release a patch for this serious flaw, as there will undoubtedly be many hackers chomping at the bit to take advantage of this vulnerability.