Microsoft to Plug DirectShow, Video ActiveX Security Holes
Microsoft is prepping fixes for vulnerabilities in the DirectShow and Video ActiveX Control components as part of July's Patch Tuesday. The Patch Tuesday release will consist of six security bulletins, three rated critical.Microsoft plans to swat two Windows bugs that have come under attack by hackers as part of the July 14 Patch Tuesday. Among the collection of patches are fixes for the DirectX vulnerability that Microsoft first warned users about at the end of May. But also slated to be fixed is a vulnerability in the Video ActiveX Control that the company warned about July 6.
"I want to provide some clarity on two of the pending Windows updates mentioned," blogged Jerry Bryant, a Microsoft Security Response Center team member. "First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow ... Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd."