Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The 971778 advisory affects Windows 2000, Windows XP and Windows Server 2003 that is under limited attack.
Christopher Budd, security response communications lead for Microsoft, said: "Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable."
The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker could try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in email.
Microsoft claimed that while this is not a browser vulnerability, due to it being in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Budd also verified that it is possible to direct calls to DirectShow specifically, even if Apple's QuickTime (which is not vulnerable) is installed.
Microsoft has also announced that two new product categories are being added to the WSUS Products and Classifications dialog, both under the product family ‘Office Communicator Server and Office Communicator'.
Office Communications Server 2007 R2 will include updates for the Microsoft Office Communications Server 2007 R2, while the Office Communicator 2007 R2 product category will include updates for the Microsoft Office Communicator 2007 R2. Both will include coverage for service packs, critical and security updates.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.