— the blog of Webguide: an inspiration and toolkit for community groups

QuickTime files a risk on older Microsoft operating systems

Microsoft says that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable to this security issue; all versions of Windows Vista and Windows Server 2008 are not vulnerable.

Dangerous Microsoft DirectX vulnerability under attack

Hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support. Vulnerable Windows users should consider disabling QuickTime parsing to thwart attackers. Microsoft provides a fix-it button that automatically enables the workaround.

The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.

Interestingly, the vulnerable component was removed from Windows Vista and later operating systems but is still available for use in the Microsoft Windows 2000, Windows XP, and Windows Server 2003 operating systems.

I'll bet the blogs are full of speculation about why that is so. In any case, the usual security caveats remain. Make sure to check back regularly for any security issues I find; they will be linked in the Security Alert panel in the right sidebar.
