Update on the DirectShow vulnerability du jour

Filed Under: Malware, SophosLabs, Vulnerability

As already mentioned by GC here, there is a DirectShow vulnerability currently in the wild.

Samples seen thus far are detected as Exp/VidCtl-A and Mal/JSShell-D, and several new variants of the exploit scripts are being proactively detected under these names. Runtime buffer overflow protection adds a further behavioural layer of defence.

The payloads attackers are attempting to infect victims with vary between attacks, but include:

Additionally, ensuring that the runtime protection offered by HIPS is enabled provides another layer of protection that proactively detects new attacks.

For those of you who want the security provided by Microsoft's workaround but don't want to edit the registry manually, Microsoft has provided some interesting tools that simplify the procedure to a turnkey solution here.
