Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/advisory/954157.mspx

INTRODUCTION

About the Microsoft in-box Indeo codec

There are multiple ways that the Indeo codec may be used, and certain applications may require the codec. The Indeo codec may be required when you visit legitimate Web sites and in corporate environment line-of-business applications. This may be a more common scenario for customers who are running older Windows operating systems. On the other hand, customers who do not have to use the codec may want to take an additional step and unregister the codec completely. This article covers two ways that the codec can be unregistered: by using the Fix-it option provided below or by manually unregistering the codec.

Unregister the Microsoft in-box Indeo codec by using the Fix-it option

Click the Fix this problem button in the first column of the following table to unregister the Indeo codec on your computer. After you do this, the codec cannot be used by any application. This tool both unregisters the codec binaries from the system and adds ACLs to prevent their use. A second Fix-it is available that reverses this action if you decide to do so in the future.

Use this Fix-it button to unregister the Indeo codec files automatically

Use this Fix-it button to re-register the Indeo codec files automatically

Unregister the Microsoft in-box Indeo codec manually

There are multiple files that are associated with the Microsoft in-box Indeo codec. Depending on the Windows operating system, not all the files that are listed here may be present on the computer. Users who want to manually unregister the Microsoft in-box Indeo codec files must verify that these files exist on the computer, locate the directory in which the files exist, and then run the sample script that is included with this article. To remove the Microsoft in-box codec from the system manually, we suggest renaming the Microsoft in-box codec binaries to something like ‘binaryname.old’. This allows you to reverse the process in the future should you ever want to regain Indeo functionality. This article includes a sample script that can be used to do this in your environment in a more automated manner. Note Unregistering Indeo codecs from the system may cause application compatibility issues if you try to play content that requires these codecs.Note This table lists the binary name and the version of the Microsoft Indeo in-box codecs that you can unregister. It does not include any third-party codecs.

Windows 2000

Version

ir32_32.dll

3.24.15.3

ir41_32.ax

4.51.16.3

ir41_qc.dll

4.30.62.2

ir41_qcx.dll

4.30.64.1

ir50_32.dll

5.2562.15.55

ir50_qc.dll

5.0.63.48

ir50_qcx.dll

5.0.64.48

ivfsrc.ax

5.10.2.51

Windows Server 2003 or Windows XP, x64-based version

Version

ir32_32.dll

3.24.15.3

ir41_32.ax

4.51.16.3

ir41_qc.dll

4.30.62.2

ir41_qcx.dll

4.30.64.1

ir50_32.dll

5.2562.15.55

ir50_qc.dll

5.0.63.48

ir50_qcx.dll

5.0.64.48

Windows XP

Version

ir32_32.dll

3.24.15.3

ir41_32.ax

4.51.16.3

ir41_qc.dll

4.30.62.2

ir41_qcx.dll

4.30.64.1

ir50_32.dll

5.2562.15.55

ir50_qc.dll

5.0.63.48

ir50_qcx.dll

5.0.64.48

Sample script to remove the Indeo codec

rem - list of indeo filesrem rem ir32_32.dllrem ir41_32.ax rem ir41_qc.dll rem ir41_qcx.dll rem ir50_32.dll rem ir50_qc.dll rem ir50_qcx.dll rem ivfsrc.ax rem backup operations  32-bitcopy %windir%\system32\ir32_32.dll %windir%\system32\ir32_32.dll.oldcopy %windir%\system32\dllcache\ir32_32.dll %windir%\system32\dllcache\ir32_32.dll.oldcopy %windir%\system32\ir41_32.ax %windir%\system32\ir41_32.ax.oldcopy %windir%\system32\dllcache\ir41_32.ax %windir%\system32\dllcache\ir41_32.ax.oldcopy %windir%\system32\ir41_qc.dll %windir%\system32\ir41_qc.dll.oldcopy %windir%\system32\dllcache\ir41_qc.dll %windir%\system32\dllcache\ir41_qc.dll.oldcopy %windir%\system32\ir41_qcx.dll %windir%\system32\ir41_qcx.dll.oldcopy %windir%\system32\dllcache\ir41_qcx.dll %windir%\system32\dllcache\ir41_qcx.dll.oldcopy %windir%\system32\ir50_32.dll %windir%\system32\ir50_32.dll.oldcopy %windir%\system32\dllcache\ir50_32.dll %windir%\system32\dllcache\ir50_32.dll.oldcopy %windir%\system32\ir50_qc.dll %windir%\system32\ir50_qc.dll.oldcopy %windir%\system32\dllcache\ir50_qc.dll %windir%\system32\dllcache\ir50_qc.dll.oldcopy %windir%\system32\ir50_qcx.dll %windir%\system32\ir50_qcx.dll.oldcopy %windir%\system32\dllcache\ir50_qcx.dll %windir%\system32\dllcache\ir50_qcx.dll.oldcopy %windir%\system32\ivfsrc.ax %windir%\system32\ivfsrc.ax.oldcopy %windir%\system32\dllcache\ivfsrc.ax %windir%\system32\dllcache\ivfsrc.ax.oldrem backup operations  wow64copy %windir%\syswow64\ir32_32.dll %windir%\syswow64\ir32_32.dll.oldcopy %windir%\system32\dllcache\wir32_32.dll %windir%\system32\dllcache\wir32_32.dll.oldcopy %windir%\syswow64\ir41_32.ax %windir%\syswow64\ir41_32.ax.oldcopy %windir%\system32\dllcache\wir41_32.ax %windir%\system32\dllcache\wir41_32.ax.oldcopy %windir%\syswow64\ir41_qc.dll %windir%\syswow64\ir41_qc.dll.oldcopy %windir%\system32\dllcache\wir41_qc.dll %windir%\system32\dllcache\wir41_qc.dll.oldcopy %windir%\syswow64\ir41_qcx.dll %windir%\syswow64\ir41_qcx.dll.oldcopy %windir%\system32\dllcache\wir41_qcx.dll %windir%\system32\dllcache\wir41_qcx.dll.oldcopy %windir%\syswow64\ir50_32.dll %windir%\syswow64\ir50_32.dll.oldcopy %windir%\system32\dllcache\wir50_32.dll %windir%\system32\dllcache\wir50_32.dll.oldcopy %windir%\syswow64\ir50_qc.dll %windir%\syswow64\ir50_qc.dll.oldcopy %windir%\system32\dllcache\wir50_qc.dll %windir%\system32\dllcache\wir50_qc.dll.oldcopy %windir%\syswow64\ir50_qcx.dll %windir%\syswow64\ir50_qcx.dll.oldcopy %windir%\system32\dllcache\wir50_qcx.dll %windir%\system32\dllcache\wir50_qcx.dll.oldcopy %windir%\syswow64\ivfsrc.ax %windir%\syswow64\ivfsrc.ax.oldcopy %windir%\system32\dllcache\wivfsrc.ax %windir%\system32\dllcache\wivfsrc.ax.oldrem deletion operations - 32bitif exist %windir%\system32\ir32_32.dll.old (    del %windir%\system32\ir32_32.dll    )if exist %windir%\system32\dllcache\ir32_32.dll.old (    del %windir%\system32\dllcache\ir32_32.dll    )if exist %windir%\system32\ir41_32.ax.old (    del %windir%\system32\ir41_32.ax    )if exist %windir%\system32\dllcache\ir41_32.ax.old (    del %windir%\system32\dllcache\ir41_32.ax    )if exist %windir%\system32\ir41_qc.dll.old (    del %windir%\system32\ir41_qc.dll    )if exist %windir%\system32\dllcache\ir41_qc.dll.old (    del %windir%\system32\dllcache\ir41_qc.dll    )if exist %windir%\system32\ir41_qcx.dll.old (    del %windir%\system32\ir41_qcx.dll    )if exist %windir%\system32\dllcache\ir41_qcx.dll.old (    del %windir%\system32\dllcache\ir41_qcx.dll    )if exist %windir%\system32\ir50_32.dll.old (    del %windir%\system32\ir50_32.dll    )if exist %windir%\system32\dllcache\ir50_32.dll.old (    del %windir%\system32\dllcache\ir50_32.dll    )if exist %windir%\system32\ir50_qc.dll.old (    del %windir%\system32\ir50_qc.dll    )if exist %windir%\system32\dllcache\ir50_qc.dll.old (    del %windir%\system32\dllcache\ir50_qc.dll    )if exist %windir%\system32\ir50_qcx.dll.old (    del %windir%\system32\ir50_qcx.dll    )if exist %windir%\system32\dllcache\ir50_qcx.dll.old (    del %windir%\system32\dllcache\ir50_qcx.dll    )if exist %windir%\system32\ivfsrc.ax.old (    del %windir%\system32\ivfsrc.ax    )if exist %windir%\system32\dllcache\ivfsrc.ax.old (    del %windir%\system32\dllcache\ivfsrc.ax    )rem deletion operations - wow64if exist %windir%\syswow64\ir32_32.dll.old (    del %windir%\syswow64\ir32_32.dll    )if exist %windir%\system32\dllcache\wir32_32.dll.old (    del %windir%\system32\dllcache\wir32_32.dll    )if exist %windir%\syswow64\ir41_32.ax.old (    del %windir%\syswow64\ir41_32.ax    )if exist %windir%\system32\dllcache\wir41_32.ax.old (    del %windir%\system32\dllcache\wir41_32.ax    )if exist %windir%\syswow64\ir41_qc.dll.old (    del %windir%\syswow64\ir41_qc.dll    )if exist %windir%\system32\dllcache\wir41_qc.dll.old (    del %windir%\system32\dllcache\wir41_qc.dll    )if exist %windir%\syswow64\ir41_qcx.dll.old (    del %windir%\syswow64\ir41_qcx.dll    )if exist %windir%\system32\dllcache\wir41_qcx.dll.old (    del %windir%\system32\dllcache\wir41_qcx.dll    )if exist %windir%\syswow64\ir50_32.dll.old (    del %windir%\syswow64\ir50_32.dll    )if exist %windir%\system32\dllcache\wir50_32.dll.old (    del %windir%\system32\dllcache\wir50_32.dll    )if exist %windir%\syswow64\ir50_qc.dll.old (    del %windir%\syswow64\ir50_qc.dll    )if exist %windir%\system32\dllcache\wir50_qc.dll.old (    del %windir%\system32\dllcache\wir50_qc.dll    )if exist %windir%\syswow64\ir50_qcx.dll.old (    del %windir%\syswow64\ir50_qcx.dll    )if exist %windir%\system32\dllcache\wir50_qcx.dll.old (    del %windir%\system32\dllcache\wir50_qcx.dll    )if exist %windir%\syswow64\ivfsrc.ax.old (    del %windir%\syswow64\ivfsrc.ax    )if exist %windir%\system32\dllcache\wivfsrc.ax.old (    del %windir%\system32\dllcache\wivfsrc.ax    )

Re-enable the Indeo functionality after this security update is installed

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.This security update disables some Indeo functionality by not letting Windows Internet Explorer or Windows Media Player use the codec. Certain users may require this functionality and can re-enable this functionality of the Indeo codec by reverting the registry key changes that are made by this security update. The registry key changes are different on the different versions of the Windows operating system.Note Reverting the registry key changes may expose the user to security issues and weaken the security profile of the computer.To revert the APPCOMPAT mitigation without uninstalling the security update, please see the following Windows operating system specific directions that are appropriate for your computer.

Microsoft Windows 2000

Delete or rename the following registry subkeys.

Component

Registry subkey

Iexplore.exe

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility\Iexplore.exe

Wmplayer.exe

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility\Wmplayer.exe

Mplayer2.exe

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility\Mplayer2.exe

Mplay32.exe

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility\Mplay32.exe

Windows XP

Create the following registry subkeys.

Component

Registry subkey

Iexplore.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {5042648C-F439-468D-859B-6CD12BA02D3A}Value data: (hex) 0x00000001

Wmplayer.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {46676BCD-88EB-42E1-B542-6929118E8029}Value data: (hex) 0x00000001

Mplayer2.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {F1DAD733-5C90-4212-AE22-FFDAEB2C5004}Value data: (hex) 0x00000001

Mplayer32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {A5153E0F-B708-46AD-9011-8BE6CA921340}Value data: (hex) 0x00000001

Windows Server 2003, x86-based and x64-based versions

Create the following registry subkeys.

Component

Registry subkey

Iexplore.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {5042648C-F439-468D-859B-6CD12BA02D3A}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {5042648C-F439-468D-859B-6CD12BA02D3A}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {A731342D-6D9B-4FE5-970D-5A3D0B6BBB6C}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {A731342D-6D9B-4FE5-970D-5A3D0B6BBB6C}Value data: (hex) 0x00000001

Wmplayer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {46676BCD-88EB-42E1-B542-6929118E8029}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {46676BCD-88EB-42E1-B542-6929118E8029}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {405BCD49-9AAE-47C8-8E30-A8A504B626CB}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {405BCD49-9AAE-47C8-8E30-A8A504B626CB}Value data: (hex) 0x00000001

Mplayer2.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags REG_DWORD: {F1DAD733-5C90-4212-AE22-FFDAEB2C5004}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {F1DAD733-5C90-4212-AE22-FFDAEB2C5004}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {75A1B058-2189-422D-A967-F7AFF142237C}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {75A1B058-2189-422D-A967-F7AFF142237C}Value data: (hex) 0x00000001

Mplayer32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {A5153E0F-B708-46AD-9011-8BE6CA921340}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\ Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {A5153E0F-B708-46AD-9011-8BE6CA921340}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {5B8661D5-ECE1-4BD9-93E8-5B7E56544EE2}Value data: (hex) 0x00000001HKEY_LOCAL_MACHINE\SOFTWARE\ Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlagsREG_DWORD: {5B8661D5-ECE1-4BD9-93E8-5B7E56544EE2}Value data: (hex) 0x00000001

Known issues

The Quartz.dll file is listed as an unsigned binary

Consider the following scenario:

  • You install this update on a computer that is running Microsoft Windows 2000 with Service Pack 4 and that has DirectX 7 or DirectX 8 installed.

  • You upgrade the system to DirectX 8 or DirectX 9.

  • You try to update the system again with this update.

In this scenario, the Quartz.dll file is successfully updated to the secured version. However, the file may be listed as an unsigned binary. To avoid this issue, follow these steps:

  1. Uninstall the update for the earlier version of Microsoft DirectShow.

  2. Manually delete the following catalog file:

    %systemroot%\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB971633.cat

  3. Upgrade to the newer version of DirectShow.

  4. Install the security update that is appropriate for the new version of DirectX.

More information about this advisory

To access packages, click the following links. For more information about this advisory, click the following article numbers to view the articles in the Microsoft Knowledge Base:

955759 Microsoft Security Advisory: Description of the AppCompat update for Indeo codec: December 08, 2009

976138 Microsoft Security Advisory: Description of the Quartz update for Indeo codec: December 08, 2009

More Information

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.