Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the vulnerability. Windows 2000 (SP4), Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not. — CAM