NEWS FROM THE LAB - Tuesday, June 2, 2009

Exploit Shield vs DirectShow

Posted by Sean @ 08:49 GMT

We posted a link to Microsoft Advisory 971778 / CVE-2009-1537 last week.

The advisory details a vulnerability in Microsoft's DirectShow, quartz.dll, affecting QuickTime parsing. (Not a QuickTime vulnerability.) Microsoft has reported some use of an exploit in the wild.

An analyst from our Exploit Shield team, Victor, tested a working sample against our Exploit Shield technology.

His efforts can be seen below.

[Image: Exploit Shield vs DirectShow Exploit]

Excellent. Exploit Shield proactively blocks this threat with heuristic detection of shellcode exploitation.

The screenshot above is from one of the Lab's internal builds. Exploit Shield is also integrated into our Internet Security Technology Preview.

[Image: Browsing protection ISTP9.50]

And this is the block page that will be displayed to clients.

[Image: Exploit Shield Block of DirectShow Exploit]

P.S. And just so you know, there is ALSO a QuickTime vulnerability that's been patched. See our vulnerability description for details. Update your QuickTime to version 7.6.2.

Updated to add: There's also an advisory for iTunes so you can get your QuickTime update along with iTunes 8.2.

Our vulnerability description has details.