Microsoft DirectX Zero Day Vulnerability
Active exploitation of yet another zero-day vulnerability in Microsoft DirectShow was discovered. According to CSIS, at the moment, cybercriminals use several thousand new compromised sites to spread malicious code exploited by a vulnerability in Microsoft DirectX.
SecurityLab has issued a security notice, available at: www.securitylab.ru/vulnerability/382197.php
Also available in the public domain is an exploit:
www.securitylab.ru/poc/382196.php
As a temporary solution, we recommend disabling the vulnerable library:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet explorerActiveX Compatibility {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags" = dword: 00000400