CERT, Trend Micro security pros put out urgent call to action: Uninstall Quicktime for Microsoft Windows

Now that Apple is no longer issuing security updates for the software, known vulnerabilities are wide open to exploitation, the security experts say. 
Global
Privacy & Security
By Mike Miliard , Executive Editor | April 15, 2016 | 5:42 PM

The United States Computer Emergency Readiness Team, or US-CERT has put out a warning that Windows users should immediately uninstall QuickTime, as running the now-unsupported software could expose them to "elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss."

By exploiting vulnerabilities in QuickTime for Windows, cyber attackers could gain remote control of affected systems, the notice says.

"Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets," according to US-CERT. "The only mitigation available is to uninstall QuickTime for Windows."

Specifically, US-CERT points to research by security company Trend Micro, which on Thursday put out an "urgent call to action" that users follow Apple's recommendations about Quicktime and uninstall the outdated video viewing program on Windows machines.

Sign up for the Healthcare IT News Privacy & Security Update newsletter.

Apple will continue to offer security updates for Quicktime on Mac OSX; the company explained how to uninstall QuickTime on a support page of its web site. 

"Our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows," wrote Christopher Budd, global threat communications manager at Trend Micro. "These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

"We’re not aware of any active attacks against these vulnerabilities currently," Budd added. "But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topic:
Privacy & Security

More Regional News

VA building signage
VA now plans 30K in staff reductions by EOY
By Andrea Fox |
Woman sits on yoga mat in living room looking through data on her tablet
Samsung acquires Xealth in push toward connected care
By Andrea Fox |
Michelle Best of Providence on VBC
Providence scores big VBC wins with risk and quality reporting tool
By Bill Siwicki |