Microsoft has warned users that an as-yet unpatched vulnerability in DirectX is under attack from ne'er-do-wells.

In a Security Bulletin on the company's website – found via BetaNews – the company warns of a vulnerability in the library which ships with DirectX for the parsing of QuickTime format video files. A successful attack against the vulnerability can lead to remote code execution.

The flaw affects all versions of Windows prior to Windows Vista – including Windows 2000 Service Pack 4 and Windows XP. Server editions prior to Windows Server 2008 are also vulnerable.

The attack requires that a specially crafted QuickTime media file is opened by the target – so a silent attack that requires no user interaction is not thought to be possible. That said, once the user has opened a malicious QuickTime file, the vulnerability results in code execution at the same privilege level as the user's account – most commonly full administrator rights.

So far, Microsoft has not developed a patch to fix this vulnerability. Several workarounds are, however, offered in a post to the company's security blog. The easiest workaround is to delete the registry key, which disables QuickTime parsing via and prevents the malicious code from executing. Sadly, this also means that QuickTime playback via DirectShow is disabled – although if you're using another method to play these files, there are no other ill effects.

Should Microsoft break with tradition and launch an out-of-cycle patch for this vulnerability, or is it non-urgent enough to wait – despite being actively exploited in the wild? Share your thoughts over in the forums.