Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.
The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with workarounds and a one-click fix it feature to enable the mitigations.
Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista, Windows 7 and Windows Server 2008 are not vulnerable.