SECURITY

Microsoft Warns of DirectX Security Flaw


In order to exploit the flaw, an attacker would need to devise a boobytrapped MIDI file and then lure a user to download it by either visiting a Web site or opening an HTML-based e-mail.



Microsoft (Nasdaq: MSFT) has released a security bulletin warning that a flaw in the DirectX graphic interface in a majority of Windows computers leaves users vulnerable to buffer overruns.

The vulnerability allows hackers to execute code on a user's PC at the user's security level, according to Microsoft. It affects PCs running Windows 98 and higher on the client side; on the server end, Windows Server 2003, Windows 2000 Server and some versions of Windows NT are affected.

Microsoft rated the flaw's severity as "critical" in all cases except for Windows Server 2003. The company already has made a patch available at its Web site and urges users to apply it immediately.

MIDI Problems

Specifically, the flaw lies in DirectX's DirectShow application programming interface (API), which performs desktop audio and video functions. As a result, in addition to granting an attacker access to a user's computer, the flaw also has the potential to cause programs employing DirectShow to crash.

To exploit this flaw, an attacker would need to devise a jiggered MIDI file and then lure a user to download it by either visiting a Web site or opening an HTML-based e-mail.

Windows Server 2003 runs on a default configuration in which Outlook Express views e-mail in plain text instead of HTML; thus, the flaw is not rated critical for this version of the OS.

One More Thing

Forrester Research principal analyst Frank Gillett told the E-Commerce Times that use of advanced graphics capabilities on PCs has increased over time. "Windows XP is leaning harder on these technologies than ever [with processes like] rendering, menu-popping and anti-aliasing fonts," he noted.

Meanwhile, Forrester research director Ken Smiley told the E-Commerce Times that as DirectX has built its API capabilities over time, it has become a common benchmark for PC developers working with any sort of graphics.

He noted that the version of DirectX that ships with Windows is usually obsolete out-of-the-box, so users frequently download an upgrade via the Web or obtain a new version bundled with a program like Windows Media Player or a new game. Games typically ship with the latest DirectX drivers.

Enterprise First

According to Smiley, the latest DirectX flaw affects consumers significantly more than enterprises. Unfortunately for consumers, they are low on the priority list in Microsoft's secure computing strategy.

Even so, Smiley questioned whether the announcement constituted earth-shaking news.

"It won't be the first [time] this happens, and it won't be the last," he said. "You just fix it and move on."
