Microsoft DirectShow Vulnerability Could Allow Remote Code Execution

admin — Mon, 01 Jun 2009 23:06:51 +0000

Microsoft reported today a critical new zero-day flaw involving Microsoft DirectX processing of QuickTime content. Microsoft is aware of limited, active attacks that use this exploit code. While investigation is ongoing, the investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable. All versions of Windows Vista and Windows Server 2008 are not affected by this issue.

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The hackers are already attacking this hole with “limited attacks,” Microsoft says. If this is half as bad as it sounds, I’d expect such attacks to increase. While no patch is out yet, Microsoft has made a quick “Fix-It” option available to temporarily disable Windows parsing of QuickTime files.

To get the fix, visit this Microsoft support page and click the “Fix this problem” button under the “Enable workaround” heading. You’ll then download a file which, when run, will modify the Registry to protect against this flaw. Later, after Microsoft has released a patch to permanently fix the hole, you can click the “Disable workaround” link on the same page to reverse the change.

How to reinstall Windows XP without reactivating

admin — Tue, 12 May 2009 22:07:45 +0000

Need to format your hard drive and reinstall XP, and don’t want to have to go through the product activation process again? You can save the activation status info and then restore it after you reinstall the operating system, as long as you haven’t made any changes to the hardware. Here’s how:

Before reformatting, in My Computer, double click the drive letter on which you installed XP, and navigate to WINDOWS\System32. Click “Show the contents of this folder” if necessary. Copy the following files to a floppy, USB drive, CD/DVD or network location: wpa.dbl and wpa.bak. After reformatting and reinstalling XP, select NO when asked if you want to activate Windows now.

Restart in Safe Mode. In My Computer, open the WINDOWS\System32 folder and rename the existing wpa.dbl and wpa.bak files (if you have them). Now copy your old wpa.dbl and wpa.bak files to the System32 folder.

Restart and you should not be requested to activate again. This only works when you reinstall Windows on the same computer and the hardware remains the same.

Best Windows Anti Virus Software Review » Windows Hacks

Microsoft DirectShow Vulnerability Could Allow Remote Code Execution

How to reinstall Windows XP without reactivating