Exploitation of vulnerabilities in Microsoft Windows operating systems may become a serious issue if attacks start to increase as predicted by the security firm Symantec.
Among the most recent exploits of vulnerabilities within Microsoft Windows was the infamous Conficker worm infection. Since then, another bug has arisen and could become a mounting issue, according to Symantec.
A bug in DirectShow, noticed by Microsoft about a month ago, has been added to one web-based attack kit. It is speculated that this may lead to wider exploitation of the bug. Microsoft has not yet issued a fix for the DirectShow bug. So far, the bug has been found to affect only Windows 2000, Windows 2003 and Windows XP. A month ago Microsoft issued a security advisory regarding a "limited attack."
Attacks using the DirectShow bug are currently not targeting any specific groups, companies or networks. Instead, they affect users of the three vulnerable versions of Windows. Security researchers have discovered that the DirectShow attacks were piggybacking on phishing attacks. The attackers seem to be going after the same computer users who fall victim to phishing sites. Simply put, a phishing site could contain a link that redirects an unsuspecting user to a site that infects their system through the DirectShow bug.
While there is no patch available from Microsoft for this vulnerability, the company has suggested that computer users running Windows 2000, Server 2003 and Windows XP disable QuickTime parsing. The QuickTime player itself is not flawed, but the QuickTime parser in DirectShow is. In the meantime, Microsoft has posted a link to a tool that automates disabling QuickTime parsing, which may prevent infection through the DirectShow bug.
The next security update from Microsoft, on July 14, may include a patch for the DirectShow bug.