Last week Apple indirectly announced that it would be no longer providing support or security updates for their QuickTime player when installed on Microsoft Windows. Please note that QuickTime for Mac OS X is not affected by this change.
Why Should This Change Be Considered Important?
The recent public disclosure of 2 critical security vulnerabilities (detailed here and here) means that QuickTime is currently vulnerable to these issues and will remain that way. These issues were originally responsibly disclosed (defined) to Apple in late 2015. Apple after carrying out a decision making process has concluded that security updates and support for QuickTime on Windows should now be withdrawn. This appears to be due their decision to withdraw this product from their future roadmap (as shown in the ZDI security advisories linked to above).
How Can I Protect Myself From These Newly Disclosed Issues and in the Future?
As recommend by US-CERT as well as Trend Micro and within this InfoWorld article the only certain way to protect yourself from these newly disclosed vulnerabilities is to uninstall QuickTime for Windows.
The above recommendation will also serve to protect you going forward since software that you don’t have installed cannot be exploited (provided there are no remnants/leftovers after uninstalling).
I use QuickTime for Windows for Essential Workflows or Business Purposes, What Can I Use Going Forward?
As detailed in the previously linked to Trend Micro blog post, alternatives such as K-Lite Media Codec pack, QT Lite and Media Player Classic are available as alternatives. If you use QuickTime as a media player only, you could consider the open-source (defined: the source code (human readable code) is free to view and edit by the wider IT community) VideoLAN VLC Player.
Alternatively if none of the above QuickTime substitutes meet your specific needs you could consider installing the most recent version of QuickTime (version 7.7.9) onto a supported version of Windows and then air-gapping that PC. The concept of air-gapping is discussed in-depth in a previous blog post. But as discussed in that post, this approach is not without disadvantages and isn’t 100% safe.
If These Issues Are So Serious Why Is Apple QuickTime For Windows Still Available To Download?
As discussed above QuickTime has many varied uses and simply withdrawing it from the download page would have been even more inconvenient.
In addition, Apple did not publish a timeline in advance for phasing out QuickTime and possibly for this reason it remains available so as not to inconvenience existing users. This also allows anybody using any version prior to 7.7.9 to update to the most recent version to protect against previously resolved vulnerabilities.
I hope that this information is useful to you as you gradually transition from QuickTime for Windows in order to avoid possible exposure to the above mentioned vulnerabilities as well as future vulnerabilities that may be discovered.