Users of Internet Explorer on Windows 2000 and XP are being targeted by an exploit for the Video ActiveX control in DirectShow that allows PCs to be compromised.
Many websites have been hacked with a malicious script that checks for the vulnerability. If you visit one of these websites with Windows 2000 or XP and do not have the vulnerability patched, the site will attempt to re-route you to a malicious site that will silently download and execute a keylogging program.
In addition to this latest exploit, there is another vulnerability in DirectShow that has not been patched by Microsoft either and affects ALL browsers. Both vulnerabilities are dangerous and are considered "drive-by download" threats.
Patches for these vulnerabilities are not yet available via Windows Update, but Microsoft has published an Advisory for each, along with Workaround fixes that can be used in the meantime to mitigate your risk.
Download and install the following fixes to stay safe:
- Vulnerability in Microsoft Video ActiveX control could allow remote code execution.
- Vulnerability in Microsoft DirectShow could allow remote code execution.
The fixes linked above will prevent the exploits from working on your PC and will keep you safe until Microsoft patches those vulnerabilities in DirectShow. I recommend you apply the fixes immediately. Also, verify that your anti-virus software is up to date, because most anti-virus programs will prevent the exploits from being downloaded onto your PC and will serve as another layer of protection.
To install the fixes, do the following:
- Visit the Advisory Page (see links 1 and 2 above) and choose the Fix it button located on the left side of the page.
- Download Fix it to your PC, then install it by double-clicking it. Click the Agree box and then click the Next button.
- The Fix is automatically applied and your PC will be protected from the vulnerabilities listed above. Choose Close to exit the dialog.
Microsoft is expected to include a patch for the vulnerabilities in the next Windows Update patch day, but in the meantime you can keep your PC safe by using the Fixes from Microsoft linked above.
Note: Windows Vista and Server 2008 are NOT vulnerable to these exploits.