Microsoft reports high-risk vulnerability in DirectX

Pre-Vista versions of Windows are vulnerable to a hole in Microsoft DirectX that's currently under limited attack, the company has announced. The vulnerability in quartz.dll could allow an attacker to strike through QuickTime playback plug-ins for any browser using the affected platform.

The problem, according to the security advisory, lies in the QuickTime Movie Parser Filter that DirectShow uses to process files in that format, specifically in the quartz.dll file. It's available for exploitation even if the system doesn't have QuickTime installed. For the moment, there's no patch, but a post on Microsoft's Security Research & Defense blog details the currently recommended workarounds.