Critical Windows vulnerability for users of 2000, XP and Server 2003

[Gary]

Quote "Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.The vulnerability in a Windows component known as DirectX is being targeted using booby-trapped QuickTime files, which when parsed can allow attackers to gain complete control of a computer. Because many browsers are designed to automatically play video, people can be compromised simply by visiting a site serving malicious files" Users of 2000, XP and Server 2003 versions of Windows are at risk of losing complete control of their machines. a fix for now is available here http://support.microsoft.com/kb/971778 using IE NOT Firefox. Full vulnerability details http://www.microsoft.com/technet/security/advisory/971778.mspx
Quote from of El Reg, full story here http://www.theregister.co.uk/2009/05/28/critical_microsoft_directx_vulnerability/

[Rik]

Thanks for that, Gary. Sadly, it's returning 'file not found' atm.

[Gary]

Thanks for that, Gary.

It seemed something very important for users of the forum as many still have XP, Rik.  try using the El Reg story and following the link there, only works in IE it appears

[Rik]

Ah!,

[Gary]

Ah!,

You can get to it using FF but need IE for it to work  Typical Ms it seems I have amended my first post to point that out 

[Rik]

Indeed. Turf wars and security shouldn't be mixed.

[Rik]

OK, from IE, I don't get the same error, instead it says it can't download the file.

[Gary]

Indeed. Turf wars and security shouldn't be mixed.

Agreed, especially such a dangerous one, it should be a universal browser patch.

[Gary]

OK, from IE, I don't get the same error, instead it says it can't download the file.

Odd  as I am using Vista it won't work for me, using FF I get to the fix me button but thats it. May be worth googling it Rik, or it may be pushed out as an out of cycle patch I guess It shows how to do it here via regedit though http://support.microsoft.com/kb/971778#FixedAlways

[Rik]

I was going for the RegEdit approach, Gary.

[Gary]

I was going for the RegEdit approach, Gary.

Best way, but not easy for non Tech types, great that Microsoft's fix it button does not work, rather Ironic really 

[Rik]

Certainly not iconic.

[Ray]

Thanks, Gary, I've done it on my main machine and my server using the regedit approach now. 

[Rik]

Could you get the fix file, Ray?

[JB]

I wonder if this also affects Quick Time Alternative ?

http://www.free-codecs.com/download/quicktime_alternative.htm

[Ray]

Could you get the fix file, Ray?

No, Rik, I couldn't, using IE the download window opened and just sat there without downloading anything.

[Rik]

Curious, with me it threw up an error dialogue that the file wasn't available. 

[Gary]

I wonder if this also affects Quick Time Alternative ?

http://www.free-codecs.com/download/quicktime_alternative.htm

It says "Vista, Windows Server 2008 and the beta version of Windows 7 are not affected, and neither is Apple's QuickTime player" so quick time alternative should be fine

[Gary]

Certainly not iconic.

[kinmel]

Microsoft Fix button works fine with Firefox in IE mode

[Rik]

Odd, I'm still getting the file not found error, Alan, even in IE. 

[kinmel]

Odd, I'm still getting the file not found error, Alan, even in IE. 

So am I now, sometimes it works and sometimes it doesn't,  perhaps the server is overloaded

[Rik]

More than likely. I've done it manually, it's such a quick fix.

[Sebby]

Thanks, Gary. Where do I download the Mac version?

[Rik]