Page may be out of date

This page has not been updated in the last 5 years. The content on this page may be incorrect. If you have any questions please contact the web team.

Information Security Elevated Risk Advisory for Apple QuickTime

May 17, 2016

MU Information Security Elevated Risk Advisory
Apple QuickTime for Windows

Apple has announced that it is ending support for their QuickTime 7 for Windows product. QuickTime for Windows was commonly installed on Microsoft Windows PC’s in the form of a web browser plug-in and stand-alone player to support web-based media; it was also included as a component of the Apple iTunes media management software.

According to the Apple support site, current Windows web browsers already support media playback; and iTunes version 10.5 and later no longer include the QuickTime component.

Impact

Because using unsupported software may increase the risk from viruses and other security threats, members of the Marshall University community are advised to discontinue their use of the QuickTime software for Windows on both University- and personally-owned computers. If you have a business-critical application which specifically requires QuickTime for Windows – not just key media formats such as H.264 and AAC which are already supported by current Windows web browsers – we ask that you please contact the Marshall IT Information Security team to discuss alternative risk reduction solutions.

Solution

Apple, the US-CERT, and the Marshall Information Technology team recommend system users and administrators be aware of the risks associated with unsupported software and take the following actions in response to this advisory:

Determine if QuickTime is a necessary component for any business-critical applications.*
Uninstall QuickTime for Windows Software (if you have administrative privileges) and you have determined that it is not needed for machines which you own or manage; or Contact your IT Service Provider (if you do not have admin privileges ) and ask whether QuickTime can be uninstalled;
Be Aware of Automated Efforts Which Are Underway by the Marshall IT Security team through the use of the Dell/KACE software inventory platform to do the following:
- Compile a list of University-owned computers which still have QuickTime installed
- Schedule KACE Desktop Alerts for machines which still show QuickTime as installed
- Automate the uninstallation of QuickTime for shared-use and centrally-managed machines
Discontinue installation of QuickTime for Windows software in new system image builds and PC deployments.

*Note: Please contact Marshall IT Information Security and your department IT service provider to let us know if you have a business-critical application which require the continued use of QuickTime.

Reference Material

Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
https://www.us-cert.gov/ncas/alerts/TA16-105A
QuickTime 7 for Windows is No Longer Supported
https://support.apple.com/en-us/HT201175
Uninstall QuickTime 7 for Windows
https://support.apple.com/en-us/HT205771

Thank you for your continued attention to information security,

Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: 304-696-3270, @joncutler | BeHerd Feedback
http://www.marshall.edu/InfoSec

[This information from 4/26/2016 security advisory e-mail which was bcc’ed to ALL Marshall University Exchange Users]

Recent Releases

Don't take the bait, hook, line and sinker!

December 8, 2022

Replacement of AppsAnywhere with Cameyo

March 4, 2024

Important Update: National Data Breach Concerning TIAA and National Student Clearinghouse

August 14, 2023

Protecting Confidential and Sensitive Data while using AI

August 1, 2023