Critical Windows vulnerability for users of 2000, XP and Server 2003

[Gary]

Quote "Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.The vulnerability in a Windows component known as DirectX is being targeted using booby-trapped QuickTime files, which when parsed can allow attackers to gain complete control of a computer. Because many browsers are designed to automatically play video, people can be compromised simply by visiting a site serving malicious files" Users of 2000, XP and Server 2003 versions of Windows are at risk of losing complete control of their machines. a fix for now is available here http://support.microsoft.com/kb/971778 using IE NOT Firefox. Full vulnerability details http://www.microsoft.com/technet/security/advisory/971778.mspx
Quote from of El Reg, full story here http://www.theregister.co.uk/2009/05/28/critical_microsoft_directx_vulnerability/

[Rik]

Thanks for that, Gary. Sadly, it's returning 'file not found' atm.

[Gary]

Thanks for that, Gary.

It seemed something very important for users of the forum as many still have XP, Rik.  try using the El Reg story and following the link there, only works in IE it appears

[Rik]

Ah!,

[Gary]

Ah!,

You can get to it using FF but need IE for it to work  Typical Ms it seems I have amended my first post to point that out 

[Rik]

Indeed. Turf wars and security shouldn't be mixed.

[Rik]

OK, from IE, I don't get the same error, instead it says it can't download the file.

[Gary]

Indeed. Turf wars and security shouldn't be mixed.

Agreed, especially such a dangerous one, it should be a universal browser patch.

[Gary]

OK, from IE, I don't get the same error, instead it says it can't download the file.

Odd  as I am using Vista it won't work for me, using FF I get to the fix me button but thats it. May be worth googling it Rik, or it may be pushed out as an out of cycle patch I guess It shows how to do it here via regedit though http://support.microsoft.com/kb/971778#FixedAlways

[Rik]

I was going for the RegEdit approach, Gary.

[Gary]

I was going for the RegEdit approach, Gary.

Best way, but not easy for non Tech types, great that Microsoft's fix it button does not work, rather Ironic really 

[Rik]

Certainly not iconic.

[Ray]

Thanks, Gary, I've done it on my main machine and my server using the regedit approach now. 

[Rik]

Could you get the fix file, Ray?

[JB]

I wonder if this also affects Quick Time Alternative ?

http://www.free-codecs.com/download/quicktime_alternative.htm

[Ray]

Could you get the fix file, Ray?

No, Rik, I couldn't, using IE the download window opened and just sat there without downloading anything.

[Rik]

Curious, with me it threw up an error dialogue that the file wasn't available. 

[Gary]

I wonder if this also affects Quick Time Alternative ?

http://www.free-codecs.com/download/quicktime_alternative.htm

It says "Vista, Windows Server 2008 and the beta version of Windows 7 are not affected, and neither is Apple's QuickTime player" so quick time alternative should be fine

[Gary]

Certainly not iconic.

[kinmel]

Microsoft Fix button works fine with Firefox in IE mode

[Rik]

Odd, I'm still getting the file not found error, Alan, even in IE. 

[kinmel]

Odd, I'm still getting the file not found error, Alan, even in IE. 

So am I now, sometimes it works and sometimes it doesn't,  perhaps the server is overloaded

[Rik]

More than likely. I've done it manually, it's such a quick fix.

[Sebby]

Thanks, Gary. Where do I download the Mac version?

[Rik]

[quandam]

Gary & Rik

Thanks for the info. I am in your hands entirely here. I followed the link and clicked on 'Fix It' ( I'm on FF) and it all went through without a hitch, was I lucky or have I missed something? Hopefully not

[Rik]

I think you were lucky, Q, it seems to have been a bit hit and miss with the server, but if you got no error, you should be fine.

[quandam]

Rik

I chose the 'work around' option, is that the correct choice?

[Rik]

Enable workaround/Fix it? It is.

[quandam]

Much obliged

[Rik]

NP.

[Gary]

Thanks, Gary. Where do I download the Mac version?

I dont know, but I don't need the fix Sebby  Think I'll slide a blu-ray film in my Laptops drive and have some light entertainment this morning 

[Ray]

I've got this update trying to install under Windows update this morning only snag is the download size is 0kb and it just keeps popping up as an update is ready to install. I click on install and it says it's installed successfully, then comes up as available again. 

[Ray]

Looks like the problem is with Windows update looking at my update history this update has been successfully installed and yet it is still been offered as available. 

[Rik]

It's probably because it's outside the normal schedule, Ray.

[Ray]

It's probably because it's outside the normal schedule, Ray.

Could be, Rik, the only way I could get rid of the notification was by checking the 'don't notify me about this update again' box.

[Rik]

I usually use the "I'm not listening" box, Ray.

[Gary]

Could be, Rik, the only way I could get rid of the notification was by checking the 'don't notify me about this update again' box.

you could undo the reg fix and download the update