Update on the DirectShow vulnerability du jour

As already mentioned by GC here, there is a DirectShow vulnerability currently in the wild.

Samples seen thus far are being detected as Exp/VidCtl-A and Mal/JSShell-D. Several new variants of the exploit scripts are being proactively detected under these names. Runtime buffer overflow protection also provides behavioral protection against the exploit.

The payloads attackers are attempting to infect victims with vary between attacks, but include:

Additionally, ensuring the runtime protection offered by HIPS is enabled provides another layer of protection that can proactively detect new attacks.

For those of you who want the security provided by Microsoft’s workaround, but don’t want to fiddle with the registry manually, Microsoft has provided some interesting tools that seem to simplify the procedure to a turnkey solution here.
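For anyone who would rather verify the outcome than trust a tool blindly, here is an added example (not from the original post, and not Microsoft's own tool) that checks, and optionally sets, the ActiveX kill bit for a control's CLSID in the registry. The CLSID below is a placeholder; the real value must be taken from Microsoft's advisory, and the script must run as Administrator to apply the change.

```powershell
# Added example: check (and with -Apply, set) the ActiveX kill bit for one CLSID.
# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD under the
# ActiveX Compatibility key; Internet Explorer refuses to load a control with it set.
# The CLSID below is a PLACEHOLDER, not the vulnerable control's real CLSID.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',  # placeholder
    [switch]$Apply
)

$KillBit = 0x400
$Key = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

# Returns the current Compatibility Flags value, or 0 when the key/value is absent.
function Get-CompatFlags {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return 0 }
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'Compatibility Flags'
}

# True when the kill bit is present in the flags value.
function Test-KillBit {
    param([string]$Path)
    return ((Get-CompatFlags -Path $Path) -band $KillBit) -eq $KillBit
}

if (Test-KillBit -Path $Key) {
    Write-Output "Kill bit already set for $Clsid"
}
elseif ($Apply) {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Preserve any other compatibility flags; only OR in the kill bit.
    $newFlags = (Get-CompatFlags -Path $Key) -bor $KillBit
    Set-ItemProperty -Path $Key -Name 'Compatibility Flags' -Type DWord -Value $newFlags
    Write-Output "Kill bit set for $Clsid"
}
else {
    Write-Output "Kill bit NOT set for $Clsid (re-run with -Apply as Administrator to set it)"
}
```

On 64-bit Windows the 32-bit browser reads the same key under HKLM:\SOFTWARE\Wow6432Node\..., so check both locations there.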