Windows QuickTime users - APPLY THE PATCH!!

Published 12 January 06 11:32 AM

Apple has released a patch for Quicktime that fixes a bucket-load of image parsing bugs. If you're a Windows user, you should apply th patch ASAP. The clock is ticking.

http://www.us-cert.gov/cas/techalerts/TA06-011A.html

by michael_HOWARD
Filed under:

Comments

# Travis Owens said on January 12, 2006 2:46 PM:
All you need to do is run ver 7.0.4 as it fixes the flaws, the direct link to the standalone (iow no iTunes) Quicktime can be found at:

http://www.apple.com/quicktime/download/standalone.html
# Alun Jones said on January 12, 2006 3:27 PM:
Apple's site is really not easy to make your way through - most people searching for the patch here have ended up at either a page telling you how to run the Mac equivalent of Windows Update (not helpful to those of us looking for Windows fixes), or a page offering the Mac Quicktime download (again, not helpful to Windows users).

A few have been able to find the Windows download page, but the most obvious link from there is to download iTunes packaged with QuickTime, and you can't tell from the version of the package whether it contains the right version of QuickTime.

Following a tip, I did eventually find that if you click on some really small text, ignoring the big button, there is a link to a standalone install for QuickTime for Windows 7.0.4 - http://www.apple.com/quicktime/download/standalone.html

Sadly, this is not a patch, it's a full replacement. I can't find the document today, but I seem to remember reading yesterday that Apple recommends you uninstall QuickTime first, then install the new version.

So, for those people complaining about MS patch management, I'd point them to how painful it is to address this QuickTime flaw.

At the place I work, we're trying to figure out exactly how to roll it out to the various workstations that have it deployed already, and we're praying that the answer isn't that we have to visit a couple of hundred cubicles.
# PatriotB said on January 12, 2006 3:43 PM:
Oh, great. Another 20 MB download to fix one little QT bug.
# tony roth said on January 12, 2006 3:49 PM:
hmm, are you trying to imply something here?
tr
# Bertrand Le Roy said on January 12, 2006 3:52 PM:
Even though the vulnerability is in Apple's code, if this is exploited, it will affect Window's security perception in the public. Shouldn't we work with Apple on this to make the patch available from Microsoft Update?
# tzagotta said on January 12, 2006 5:31 PM:
Funny how the media really amplifies security holes found in MS products, e.g., recent WMF issues, and is nearly dead silent on similar issues in Apple's software. What's up with that?
# LarryOsterman said on January 12, 2006 7:36 PM:
What about previous versions of quicktime? If I have QT 6.5.2, am I vulnerable?
New Comments to this post are disabled
Page view tracker