News

DirectShow Subject to Attacks, Microsoft Warns

Microsoft issued a security advisory on Friday describing a newly disclosed bug in Microsoft DirectShow that could enable remote code execution attacks.

In its advisory, the software giant said the vulnerability could be triggered if an unsuspecting user opens specially crafted media file. A hacker successfully deploying this bug could increase his user rights privileges within a Windows-based network. However, accounts configured with fewer administrative privileges aren't as vulnerable, Redmond said.

"While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable," the advisory explained. Currently, Microsoft is aware of "limited, active attacks that exploit this vulnerability."

Users of Windows Vista, Windows 7 RC1 and Windows Server 2008 are not affected by this vulnerability, Redmond said.

Microsoft has rolled out an improved "Software Security Incident Response Process (SSIRP)" to better respond to the issue, the security bulletin explained.

Microsoft DirectShow is a framework that provides an application programming interface for developers working with multimedia files. The framework supplants Microsoft's earlier Video for Windows interface.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.