You are currently offline, waiting for your internet to reconnect

Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Introduction
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

To have us workaround the issue discussed in the security advisory for you, go to the "Fix it for me" section. To work around this problem yourself, go to the "Let me fix it myself" section.
Fix it for me
To implement the workaround that disables QuickTime parsing automatically on a computer that is running Windows 2000, Windows XP or Windows Server 2003, click the Fix this problemlink under Enable workaround. To undo the workaround, click the Fix this problemlink under Disable workaround. In either scenario, click Runin the File Downloaddialog box, and follow the steps in the Fix it wizard.


Enable workaroundDisable workaround


Note this wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note if you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.

Next, go to the "Did this fix the problem?" section.
Let me fix it myself
To implement the workaround that disables QuickTime parsing yourself, use one of the following methods:
ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756How to back up and restore the registry in Windows

Using the interactive method

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkeys in the registry:
    • For 32-bit Windows systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64 bit Windows Systems:
      HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}

      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
  3. On the File menu, click Export.
  4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

    Note By default, this will create a backup of this registry key in the My Documents folder.
  5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
  6. Exit Registry Editor.

Using a managed deployment script

  1. Create a backup copy of the registry keys by using a managed deployment script that contains the following text:
    • For 32-bit Windows systems:
      Regedit.exe /e Quicktime_Decoder_Backup.regHKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
    • For 64 bit Windows Systems:
      Regedit.exe /e Quicktime_Decoder_Backup.regHKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A} HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
  2. Copy the following text to a text file, and then save the file by using a .REG extension. For example, save the file as "Disable_Quicktime_Parser.reg":
    • For 32-bit Windows systems:
      Windows Registry Editor Version 5.00[-HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
    • For 64 bit Windows Systems:
      Windows Registry Editor Version 5.00[-HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}][-HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}]
  3. On the target computer, type the following command from an elevated command prompt to run the registry script:
    Regedit.exe /s Disable_Quicktime_Parser.reg

Impact of the workaround

QuickTime content playback will be disabled.

How to undo the workarounds

How to undo the interactive method
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. On the File menu, click Import.
  3. In the Import Registry File dialog box, select Quicktime_Parser_Backup.reg, and then click Open.
  4. Exit Registry Editor, and then restart the computer.
How to undo the managed deployment script
On the target computer, type the following command from an elevated command prompt to restore the original state:
Regedit.exe /s Quicktime_Parser_Backup.reg
Did this fix the problem?
Check whether the registry key is created or modified. If the registry key is created or modified, you are finished with this article. If the registry key is not created or modified, you can contact support.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000 fixit fix it
Properties

Article ID: 971778 - Last Review: 07/08/2009 21:01:37 - Revision: 4.2

  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • Microsoft Windows 2000 Service Pack 4
  • kbmsifixme kbfixme kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbsurveynew kbregistry KB971778
Feedback