The SkyRecon Systems research team has uncovered two vulnerabilities, CVE-2009-1537 and CVE-2009-1539, in Microsoft DirectX. A security breach exists when opening certain types of multimedia video files using Windows Media Player. Exploitation of these vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. This exploit can be accomplished locally or through the Internet, but only if the attacker persuades users to visit a malicious website that will be used to exploit the vulnerabilities.

An attacker who successfully exploited these vulnerabilities could have total control of a compromised system and gain the same user rights as the local user. The attacker could then install programs; view, change, or delete data; and even create new accounts with full user rights. As a consequence, users whose accounts are configured to operate with administrative user rights would suffer more impact than users who have fewer user rights on the system.

Upon identification of the DirectShow vulnerabilities leading to a buffer overflow, engineers at SkyRecon confirmed that StormShield detects and blocks attacks targeting the Microsoft vulnerabilities without the need for patches. The StormShield ‘Protection against Overflow’ option simply has to be set to ‘Critical’ or ‘High’.

Organizations that rely only on perimeter security technologies are vulnerable to attack. Securing endpoints using a Host-based Intrusion Prevention System (HIPS) is the only way to be protected against these attacks.

“Once again, StormShield’s efficiency and performance are proven. Our solution’s automatic protections block the attacks aiming at exploiting these vulnerabilities and secure our customers’ systems and data without the need for patches,” said Yann Torrent, Director of Research and Development at SkyRecon Systems, Inc. “On top of developing advanced endpoint security solutions, SkyRecon keeps on striving to provide Microsoft with information we uncover in order to help them in their drive to optimize the security of their operating systems and supporting applications. We were incidentally the first to work with Microsoft to make up for these vulnerabilities.”

The vulnerabilities affect Windows 2000 Service Pack 4, Windows XP and Windows Server 2003 operating systems. Windows Vista and Windows Server 2008 are not affected.

More information regarding the vulnerabilities and Microsoft Security Bulletin can be found at:

-- Microsoft Security Bulletin MS09-028 – Critical vulnerabilities Accredited to Thomas Garnier, SkyRecon Systems
“Overall, this is a great product. It provides all the controls necessary to protect systems and the data processed on or passing through them. I highly recommend this solution for organizations of any size.”
Tom Olzak, CISSP, MCSE, Director of Information Security, HCR Manor Care