News

DirectShow Subject to Attacks, Microsoft Warns

Microsoft issued a security advisory on Friday describing a newly disclosed bug in Microsoft DirectShow that could enable remote code execution attacks.

In its advisory, the software giant said the vulnerability could be triggered if an unsuspecting user opens specially crafted media file. A hacker successfully deploying this bug could increase his user rights privileges within a Windows-based network. However, accounts configured with fewer administrative privileges aren't as vulnerable, Redmond said.

"While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable," the advisory explained. Currently, Microsoft is aware of "limited, active attacks that exploit this vulnerability."

Users of Windows Vista, Windows 7 RC1 and Windows Server 2008 are not affected by this vulnerability, Redmond said.

Microsoft has rolled out an improved "Software Security Incident Response Process (SSIRP)" to better respond to the issue, the security bulletin explained.

Microsoft DirectShow is a framework that provides an application programming interface for developers working with multimedia files. The framework supplants Microsoft's earlier Video for Windows interface.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • .NET 11 Preview 6 Roundup: ASP.NET Core, MAUI, C#, EF Core and SDK Updates

    Microsoft's sixth .NET 11 preview advances async validation, C# unions, cross-platform UI controls, database queries, testing tools, Native AOT and container images.

  • Low-Coding in the Age of AI: Dataverse Embraces Copilot, Claude and Cursor

    Microsoft is extending Dataverse into coding-agent marketplaces while expanding its MCP tools, certification program and governance controls.

  • Visual Studio Takes Aim at Copilot Billing Shock

    Beyond Copilot usage visibility, the June update delivers several other enhancements centered on AI-assisted development, security and quality-of-life improvements. Here's a quick rundown of the remaining additions announced by Microsoft.

  • Claude AI Gets Yet Another Boost in VS Code 1.128

    The July 8, 2026, Visual Studio Code update expands agent workflows, chat attachments, browser-tab controls, OS-level shortcuts and enterprise telemetry management.

Subscribe on YouTube