Microsoft is reporting that a vulnerability in DirectShow a framework for playing various media types, is being exploited in the wild in some versions of Windows.
The attacks are being perpetrated using malicious QuickTime media files in what Microsoft calls "limited, active attacks." The vulnerability can cause remote code execution in the context of the logged-in user.There is no patch for the vulnerability yet.
DirectShow versions 7, 8 and 9 in Windows 2000, Windows XP and Windows Server 2003 are vulnerable to the attack. Windows Vista, Windows Server 2008 and Windows 7 are not vulnerable. DirectShow was largely replaced in Vista by the Windows Media Foundation.
Microsoft has created a workaround registry script which you can download and run through Knowledge Base Article 971778. There is a big, obvious "Fix It" button to download the script. The script removes certain registry entries which enable QuickTime parsing. A second script from Microsoft re-enables it. You can run the second one after the patch is available. The scripts won't work in all environments so there are other methods described in the KB article. Read it to see which is right for you.
No word on when the patch will be available. The next scheduled Patch Tuesday is June 9, which would be a pretty quick turnaround. In the meantime you can expect anti-malware companies to begin providing detection for known attacks.
