Microsoft has released a patch for yet another vulnerability it found in all of it's OS's this week!
This question was answered on July 25, 2003. Much of the information contained herein may have changed since posting.
For the 3rd week in a row Microsoft users are affected by a new critical vulnerability that has been found among two other milder ones
Microsoft OS's (98, 98SE, NT, ME, XP, 2k & 2003 Server) were warned this week of an unchecked buffer in DirectX that could enable a system to be compromised DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support Within DirectX, the DirectShow technology performs client-
side audio and video sourcing, manipulation, and rendering
To exploit this ulnerability, the attacker would require the ability to send a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it by using an HTML-based e-mail Microsoft encourages all customers to review the Security Bulletins to keep optimal security The risk is considered ‘critical’ which is the highest security breach they have
Download locations for this patch:
The patches for all Windows systems are available via:
The complete technical details are posted at the Microsoft web site:
About the author
Posted by Michal of Data Doctors on July 25, 2003