Expect another round of patches from Microsoft this coming Tuesday.
Microsoft has released the details of these patches, most of which fall into the remote code execution or elevated privileges category.
Two of the six patches will be for DirectX. It was a couple of months ago that Microsoft finally admitted they had been tracking attacks targeting DX. The loop hole the attacks were using allowed for complete, system wide, control through the use of a malformed QuickTime video.
This predates the announcement that the Video ActiveX control for IE could be exploited through the use of DirectShow filters. This announcement was made just this week and shows again the way malicious coders use our own habits against us.
It seems that as we consume more and more online video content the malware creators are moving towards that medium. After all it was not that long ago that .zip files were the big thing for inserting malware as .jpg files were before that and office files before that.
While these flaws probably should have been detected and corrected before this, it is still interesting to see how the patterns for malware change and evolve with our online usage. Just look at the increase in Twitter spam and malware inserted in tiny URL links. The increase in Skype Spam and the number of attacks and expoits in AIM and Live Messenger.
Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.