Microsoft warned yesterday that hackers are using QuickTime media files to exploit an unpatched 0-day vulnerability in DirectShow.
In a posting on Microsoft's security response center blog company officials confirmed the new vulnerability affects Microsoft DirectShow in Windows 2000, Windows XP and Windows Server 2003, under limited attack.
After initial investigation Microsoft have confirmed that the vulnerable code was removed as part of their work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.
Microsoft have provided workarounds for the exploit available under the 971778 security advisory.
Source: Neowin
