Home> Microsoft DirectX attack anticipated.

Microsoft DirectX attack anticipated.

  • August 19, 2003 3:40 PM


Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could completely overshadow last week's events. On 23 July Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.

The danger comes, says Microsoft, in a component of DirectX that relies on a library file called quartz.dll, which is used by a number of applications -- including Internet Explorer -- to play midi files. A specially designed midi file could cause a buffer overflow error and either pass control of the system to an attacker, cause damage to the system or use the system to set off another MSBlast-type attack.

Just like the RPC flaw that MSBlaster exploited, the patch for both have been out for quite some time now. If you have not updated your DirectX 9 Runtimes lately, maybe you should.


Comment Form

Index of all entries

Home> Microsoft DirectX attack anticipated.

Powerd By

Return to page top