Just and FYI that we’ve released Microsoft Security Advisory 971778. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we’re working on a security update to address the issue.
Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This means that Windows Vista and versions of Windows since Windows Vista (Windows Server 2008, Windows 7) are not vulnerable.
J.C. Hornbeck | Manageability Knowledge Engineer