<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
mso-margin-top-alt:auto;
margin-right:0in;
margin-bottom:2.4pt;
margin-left:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
color:black;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Aptos",sans-serif;
color:#0F4761;
font-style:italic;}
span.first-word1
{mso-style-name:first-word1;
font-weight:bold;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:153843149;
mso-list-template-ids:-972897328;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:283778565;
mso-list-template-ids:-972897328;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:586309923;
mso-list-template-ids:-972897328;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:1607615994;
mso-list-template-ids:-972897328;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Good afternoon,<o:p></o:p></span></p>
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">The SOC Services team is reporting on the vulnerability
<b>CVE-2009-1537</b> affecting Microsoft Windows 2000 SP4, Windows XP SP2/SP3, and Windows Server 2003 SP2 systems running vulnerable DirectX components. Because CISA added the vulnerability to the KEV catalog following confirmed active exploitation in the
wild</span><span lang="EN" style="font-family:"Calibri",sans-serif;color:red">,</span><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"> targeting vulnerable Windows systems through malicious media files, we are providing this in-depth information.
<o:p></o:p></span></p>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">History:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> On May 29, 2009, CVE-2009-1537 was publicly disclosed after Microsoft confirmed
active exploitation involving crafted QuickTime media files abusing the QuickTime Movie Parser Filter in quartz.dll within DirectShow. The CVSS v3.x base score is 8.8 (HIGH) as assigned by CISA-ADP.<o:p></o:p></span></h4>
<h4 style="margin-top:0in"><span lang="EN" style="color:windowtext"><o:p> </o:p></span></h4>
<h4 style="margin-top:0in"><span lang="EN" style="font-family:"Calibri",sans-serif">Affected Versions<o:p></o:p></span></h4>
<ul style="margin-top:0in" type="disc" id="affectedVersionsList">
<li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Microsoft DirectX 7.0 through 9.0c<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows 2000 Service Pack 4<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows XP Service Pack 2<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows XP Service Pack 3<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows XP Professional x64 Edition<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows Server 2003 Service Pack 2<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows Server 2003 x64 Edition SP2<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo1">
<span lang="EN" style="font-family:"Calibri",sans-serif">Windows Server 2003 Itanium SP2<o:p></o:p></span></li></ul>
<h4 style="margin-top:0in"><span lang="EN" style="font-family:"Calibri",sans-serif">Fixed Versions<o:p></o:p></span></h4>
<ul style="margin-top:0in" type="disc" id="fixedVersionsList">
<li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span lang="EN" style="font-family:"Calibri",sans-serif">Microsoft Security Bulletin MS09-028<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span lang="EN" style="font-family:"Calibri",sans-serif">Security update KB971633<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span lang="EN" style="font-family:"Calibri",sans-serif">Systems updated with the June 2009 DirectShow/DirectX security patch set<o:p></o:p></span></li></ul>
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Microsoft DirectShow contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter within quartz.dll. Successful exploitation allows remote attackers to execute arbitrary
code via a specially crafted QuickTime media file. Microsoft confirmed limited active exploitation in the wild at the time of disclosure</span><span lang="EN" style="font-family:"Calibri",sans-serif">.<span style="color:black"><o:p></o:p></span></span></p>
<p><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Vendor Advisory:
<a href="https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028">
Microsoft Security Advisory 971778 / MS09-028</a><o:p></o:p></span></p>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Intelligence:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> On May 20, 2026, CISA confirmed the vulnerability in the Known Exploited
Vulnerabilities Catalog.<o:p></o:p></span></h4>
<p><strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Exploitability:</span></strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"> Network Exploitability<br>
<strong><span style="font-family:"Calibri",sans-serif">Complexity:</span></strong> Low<br>
<strong><span style="font-family:"Calibri",sans-serif">User Interaction:</span></strong> Required<br>
<strong><span style="font-family:"Calibri",sans-serif">Remotely Exploitable:</span></strong> Yes<br>
<strong><span style="font-family:"Calibri",sans-serif">Proof of Concept:</span></strong> Publicly Available<br>
<strong><span style="font-family:"Calibri",sans-serif">Zero Day:</span></strong> No<o:p></o:p></span></p>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Workarounds:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> Disable the QuickTime Movie Parser Filter in quartz.dll, Restrict handling
of QuickTime media files in vulnerable environments, block untrusted media attachments at email gateways, prevent execution of media content from untrusted websites, and implement least privilege user controls to reduce impact of successful exploitation</span><span lang="EN" style="font-family:"Calibri",sans-serif;color:windowtext;font-weight:normal">.</span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">How it Works:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"> The vulnerability exists in the QuickTime Movie Parser Filter within
quartz.dll used by Microsoft DirectShow. Attackers craft malformed QuickTime media files containing malicious NULL byte overwrite conditions that corrupt memory during parsing operations. When a user opens the malicious media file through a vulnerable application
or browser context, the parser improperly handles embedded metadata structures, triggering memory corruption and arbitrary code execution under the context of the logged-in user. The vulnerability aligns closely with CWE-158 (Improper Neutralization of Null
Byte or NUL Character). Exploitation commonly involved malicious websites or email-delivered multimedia attachments during observed campaigns</span><span lang="EN" style="font-family:"Calibri",sans-serif;color:windowtext;font-weight:normal">.</span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="color:windowtext;font-weight:normal"><o:p><span style="text-decoration:none"> </span></o:p></span></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Post-Exploit Impact:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<ul style="margin-top:0in" type="disc" id="postExploitImpactList">
<li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">Remote code execution (CWE-94)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">Arbitrary process execution under user context (CWE-119)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">System compromise (CWE-284)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">Malware installation (CWE-506)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo3">
<span lang="EN" style="font-family:"Calibri",sans-serif">Credential theft (CWE-522)<o:p></o:p></span></li></ul>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Indicators of Compromise (IoCs):</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="75%" style="width:75.34%;border-collapse:collapse">
<thead>
<tr>
<td width="8%" style="width:8.64%;border:solid #CCCCCC 1.0pt;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Type<o:p></o:p></span></b></p>
</td>
<td width="32%" style="width:32.6%;border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Value<o:p></o:p></span></b></p>
</td>
<td width="39%" style="width:39.04%;border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Description / Notes<o:p></o:p></span></b></p>
</td>
<td width="19%" style="width:19.72%;border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Source<o:p></o:p></span></b></p>
</td>
</tr>
</thead>
<tbody>
<tr>
<td width="8%" style="width:8.64%;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">File<o:p></o:p></span></b></p>
</td>
<td width="32%" style="width:32.6%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">.mov or QuickTime media files with malformed metadata structures<o:p></o:p></span></p>
</td>
<td width="39%" style="width:39.04%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Crafted QuickTime media files used to trigger memory corruption during parsing<o:p></o:p></span></p>
</td>
<td width="19%" style="width:19.72%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Microsoft Advisory<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="8%" style="width:8.64%;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Process<o:p></o:p></span></b></p>
</td>
<td width="32%" style="width:32.6%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Unexpected crashes involving quartz.dll<o:p></o:p></span></p>
</td>
<td width="39%" style="width:39.04%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Application crashes or faults during media playback or preview<o:p></o:p></span></p>
</td>
<td width="19%" style="width:19.72%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Microsoft Security Response Center<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td width="8%" style="width:8.64%;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Network<o:p></o:p></span></b></p>
</td>
<td width="32%" style="width:32.6%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Outbound connections following media file execution<o:p></o:p></span></p>
</td>
<td width="39%" style="width:39.04%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Potential command-and-control activity after successful exploitation<o:p></o:p></span></p>
</td>
<td width="19%" style="width:19.72%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Threat Intelligence Reporting<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<h4 align="center" style="margin-top:0in;text-align:center"><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif"><o:p><span style="text-decoration:none"> </span></o:p></span></span></h4>
<h4 align="center" style="margin-top:0in;text-align:center"><span class="first-word1"><span lang="EN" style="color:windowtext"><o:p><span style="text-decoration:none"> </span></o:p></span></span></h4>
<h4 style="margin-top:0in"><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Tenable Plugins:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="75%" style="width:75.14%;border-collapse:collapse">
<thead>
<tr>
<td width="8%" style="width:8.66%;border:solid #CCCCCC 1.0pt;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Plugin ID<o:p></o:p></span></b></p>
</td>
<td width="72%" style="width:72.08%;border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Plugin Title<o:p></o:p></span></b></p>
</td>
<td width="9%" style="width:9.32%;border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Severity<o:p></o:p></span></b></p>
</td>
<td width="9%" style="width:9.94%;border:solid #CCCCCC 1.0pt;border-left:none;background:#F2F2F2;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black">Platform<o:p></o:p></span></b></p>
</td>
</tr>
</thead>
<tbody>
<tr>
<td width="8%" style="width:8.66%;border:solid #CCCCCC 1.0pt;border-top:none;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><b><span style="font-family:"Calibri",sans-serif;color:black"><a href="https://www.tenable.com/plugins/nessus/39791">39791</a><o:p></o:p></span></b></p>
</td>
<td width="72%" style="width:72.08%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif;color:black">Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)<o:p></o:p></span></p>
</td>
<td width="9%" style="width:9.32%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif">High<o:p></o:p></span></p>
</td>
<td width="9%" style="width:9.94%;border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;border-right:solid #CCCCCC 1.0pt;padding:6.0pt 6.0pt 6.0pt 6.0pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-family:"Calibri",sans-serif">Nessus<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<h4><span class="first-word1"><span lang="EN" style="font-family:"Calibri",sans-serif">Recommended Actions:</span></span><span lang="EN" style="font-family:"Calibri",sans-serif;font-weight:normal"><o:p></o:p></span></h4>
<p><strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black">Date Added to KEV Catalog:</span></strong><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"> May 20, 2026<br>
<strong><span style="font-family:"Calibri",sans-serif">Due Date for Remediation:</span></strong> June 3, 2026
<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Immediately deploy Microsoft MS09-028 security updates across all vulnerable Windows systems<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Prioritize remediation of legacy Windows XP and Windows Server 2003 systems still operating within enterprise environments<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Verify host has not been compromised before applying patches.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Apply appropriate updates provided by the vendor to vulnerable systems after testing.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Run all software as a non-privileged user to reduce the impact of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo4">
<span lang="EN" style="font-family:"Calibri",sans-serif">Apply the Principle of Least Privilege to all systems and services.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><b><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></b></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="702" style="width:526.5pt;border-collapse:collapse">
<tbody>
<tr style="height:63.0pt">
<td width="118" valign="top" style="width:88.35pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-CN"><img border="0" width="121" height="87" style="width:1.2604in;height:.9062in" id="Picture_x0020_4" src="cid:image001.png@01DCE867.B7ED4CD0"></span><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
</td>
<td width="493" valign="top" style="width:369.65pt;padding:0in 4.65pt 0in 4.65pt;height:63.0pt">
<p class="MsoNormal" style="line-height:105%"><b><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">Cyber Security Services<o:p></o:p></span></b></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">State of Oregon Cyber Security Services<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">Enterprise Information Services | SOC<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">Cyber Security Services (CSS)<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:105%"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:black;mso-fareast-language:ZH-CN">SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378</span><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-CN"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="color:black;mso-ligatures:standardcontextual"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN" style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
</body>
</html>