Vulnerabilities in QuickTime for Windows Leads to Immediate End of Support

ITS Advisory Number: 2016-071
Date(s) Issued: Tuesday, April 19, 2016
Subject: Vulnerabilities in QuickTime for Windows Leads to Immediate End of Support
Overview: 

US-CERT is recommending users uninstall QuickTime for Windows on all Windows machines due to Apple's decision to deprecate the application. QuickTime is an extensible multimedia framework developed by Apple capable of handling various formats of digital pictures, videos, sound, panoramic images and interactivity.

QuickTime for Windows was bundled with Apple's iTunes prior to iTunes 10.5. Running unsupported software could expose your environment to negative consequences, including loss of confidentiality, integrity or availability of data, as well as damage to system resources and business assets.

Systems Affected: 
  • All MS-Windows systems running iTunes
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

US-CERT is recommending users uninstall QuickTime for Windows on all Windows machines due to Apple's decision to stop support of the application. According to a blog post published on April 14th by Christopher Budd of Trend Micro, Apple has decided to stop supporting QuickTime for Windows. This decision is based on the fact that websites today increasingly use the HTML5 web standard, which provides a better video-playback experience across a wide array of browsers and requires no additional plug-ins or software. Apple notes that uninstalling QuickTime also removes the legacy web plugin.

Zero Day Initiative has already seen two critical vulnerabilities within QuickTime for Windows. Those vulnerabilities are detailed in the references section under Zero Day Initiative.

Running unsupported software could expose your environment to negative consequences, including loss of confidentiality, integrity or availability of data, as well as damage to system resources and business assets.

Actions: 
  • Inventory software to determine if QuickTime has been installed on any Windows systems in your environment.
  • Develop a proper mitigation plan to ensure the software is removed appropriately.
  • Uninstall QuickTime on all Windows machines.
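
One way to carry out the inventory step, as an added example that is not part of the original advisory: a PowerShell sketch that checks the Uninstall registry keys on a list of Windows hosts for a QuickTime entry. It assumes PowerShell remoting (WinRM) is enabled on the targets; the file names hosts.txt, quicktime-inventory.csv and quicktime-unreachable.txt are hypothetical.

```powershell
# Added example: inventory QuickTime installs across Windows hosts.
# Assumptions: WinRM remoting is enabled; hosts.txt (hypothetical name)
# holds one computer name per line.

$scan = {
    # Check the native and the 32-bit (WOW6432Node) registry views: a 32-bit
    # installer on 64-bit Windows registers under WOW6432Node.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Reading the registry avoids Win32_Product, whose queries trigger an
    # MSI consistency check on every installed package.
    $hits = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*QuickTime*' })

    if ($hits.Count -eq 0) {
        # Always return one row so a clean host is distinguishable
        # from a host that never answered.
        [pscustomobject]@{ Installed = $false; DisplayName = $null
                           DisplayVersion = $null; UninstallString = $null }
    } else {
        $hits | ForEach-Object {
            [pscustomobject]@{ Installed       = $true
                               DisplayName     = $_.DisplayName
                               DisplayVersion  = $_.DisplayVersion
                               UninstallString = $_.UninstallString }
        }
    }
}

$targets = @(Get-Content -Path .\hosts.txt | Where-Object { $_.Trim() })
$results = @(Invoke-Command -ComputerName $targets -ScriptBlock $scan `
                            -ErrorAction SilentlyContinue)

# PSComputerName is attached by Invoke-Command to every returned object.
$results |
    Select-Object PSComputerName, Installed, DisplayName, DisplayVersion, UninstallString |
    Export-Csv -Path .\quicktime-inventory.csv -NoTypeInformation

# Hosts with no row at all were unreachable and still need a manual check.
$targets | Where-Object { $_ -notin $results.PSComputerName } |
    Set-Content -Path .\quicktime-unreachable.txt
```

Rows with Installed set to True feed the mitigation plan; the UninstallString column shows the removal command each installer registered.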