Microsoft announced it's working on a fix for a vulnerability in DirectShow, a video streaming media technology that's part of DirectX. The bug could allow hackers to takeover your computer by injecting code into a QuickTime file.
The remote code execution vulnerability exists in the way Microsoft DirectShow, audio and video sourcing and rendering software, handles supported QuickTime format files, the company said.
"Microsoft is aware of limited, active attacks that use this exploit code," Microsoft's security advisory said. "If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."