Skip the navigation
News

Hackers exploit second DirectShow zero-day using thousands of hijacked sites

A new unpatched Windows bug surfaces; Microsoft hasn't patched the old one from May

By Gregg Keizer
July 6, 2009 01:04 PM ET

Computerworld - Thousands of legitimate Web sites hacked over the weekend are launching drive-by attacks using an exploit of a second critical unpatched vulnerability in Windows' DirectShow component, a Danish security company said today.

According to CSIS Security Group, the bug is in an ActiveX control, the "msvidctl.dll" file, that streams video content.

"CSIS has captured more systematic drive-by attacks exploiting a vulnerability in Microsoft DirectShow," the company warned on its Web site. "Thousands of Web sites have been compromised over the weekend and malicious script has been insert[ed]," it added (Google Translate translation).

The script re-routes users to a malicious site, which in turn downloads and launches a multi-exploit hacker toolkit that includes the DirectShow attack code. DirectShow is a part of Windows' DirectX graphics infrastructure.

Windows 2000, XP and Server 2003 are all vulnerable to attack, CSIS said.

Another Danish security firm, Copenhagen-based Secunia, ranked the vulnerability as "Extremely critical," its highest threat rating. Secunia had no additional information about the bug, however.

This newly-exploited vulnerability is the second unpatched DirectShow bug to surface in the last five weeks. In late May, Microsoft issued a security advisory that reported hackers were exploiting a different DirectShow bug, this one in its QuickTime media parser. A week ago, Symantec said that attack code for the QuickTime parser vulnerability had been added to a multi-exploit toolkit, and that users should expect more attacks.

Hackers have been using the QuickTime parser bug since May, Microsoft has acknowledged.

Today, a Microsoft spokesman said that company security researchers would be posting information about the newest vulnerability soon.

Patches are not available for either vulnerability, although Microsoft has suggested that users disable QuickTime parsing on Windows 2000, XP and Server 2003 machines. To expedite that, Microsoft has posted a tool that automates the process. CSIS recommended that users protect themselves against the newest bug by setting the "kill bit" of the ActiveX control.

Microsoft's next regularly-scheduled security updates are due July 14. While most researches have said they expect the company to patch the DirectShow bug then, it's unclear whether Microsoft will fix the video streaming vulnerability at the same time.

Read more about Security in Computerworld's Security Topic Center.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Security White Papers
Identity Governance: The Business Imperatives
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make...
CA Technology Brief: CA Point of View: Content Aware Identity & Access Management
This paper explores the concept of content-aware IAM, describes the integrated architecture for this new approach, and highlights the benefits that this approach...
Google: Security for Google Apps Messaging & Collaboration
Content provided by Google

Find out about how Google creates a security-based platform for Google Apps, covering topics like information security, physical security, and...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Fundamental Principles of Network Security
This paper covers the fundamentals of secure networking systems, including firewalls, network topology and secure protocols. Best practices are also given that introduce...
All Security White Papers
Security Webcasts
Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
Introduction to VMware vCenter Site Recovery Manager 5
Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
The Top Ten Secrets to Avoiding SAN Performance Problems
Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
Deduplication Without Compromise
Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
Director of Disk Products Discusses DXi6700
Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
All Security Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs