Microsoft Security Advisory: Description of the Quartz update for the Indeo codec: December 8, 2009

This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

Known issues with this security update

  • The computer is not protected if you apply an incorrect version of this security update

    If you manually download and then apply an incorrect version of this security update, the computer will not be protected. For example, consider the following scenario:
    • You previously upgraded the in-box DirectX component on a computer that is running Windows 2000 to a newer version of DirectX. For example, you upgraded the default version of DirectX 7 in Windows 2000 to DirectX 9.
    • You manually download the update for DirectX 7 from the Microsoft download center, and then you installed it on the affected computer.
    In this scenario, the update installs successfully. However, the vulnerable binary is not replaced. Therefore, the computer remains in a vulnerable condition.

    We recommend that you run the DirectX Diagnostic Tool to determine the version of DirectX that you are running to make sure that you download the correct version of this security update.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    157730 How to determine the version of DirectX using the DirectX Diagnostic Tool
  • The Quartz.dll file appears as an unsigned binary

    Consider the following scenario:
    • You install this update on a computer that is running Microsoft Windows 2000 with Service Pack 4 and that has DirectX 7 installed.
    • You upgrade the system to DirectX 9.
    • You try to update the system again by using this update.
    In this scenario, the Quartz.dll file is successfully updated to the secured version. However, the file may appear as an unsigned binary.

    To avoid this issue, follow these steps:
    1. Uninstall the update for the earlier version of the Microsoft DirectShow application.
    2. Manually delete the following catalog file:
    3. Upgrade to the newer version of DirectShow.
    4. Install the security update that is appropriate for the new version of DirectX.

Update information

How to obtain this update

The following files are available for download from the MicrosoftDownload Center:
All supported x86-based versions of Windows 2000 (DirectX 9)
DownloadDownload the Windows2000-DirectX9-KB976138-x86-ENU package now.

All supported x86-based versions of Windows 2000 (In band)
DownloadDownload the Windows2000-KB976138-x86-ENU package now.

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows 2000 file information

For all supported editions of Microsoft Windows 2000 (DirectX9)
File nameFile versionFile sizeDateTimePlatform
For all supported editions of Microsoft Windows 2000 (In-band)
File nameFile versionFile sizeDateTimePlatform
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE

Article ID: 976138 - Last Review: 10/21/2013 20:54:58 - Revision: 1.0

Microsoft Windows 2000 Service Pack 4

  • kbnosurvey kbarchive kbsecadvisory kbsecurity kbsurveynew kbbug kbfix atdownload kbexpertiseinter KB976138