Goedzo?! NiMS Forum Nieuw onderwerp  Reageer
mijn profiel | leden lijst inloggen | registreer | zoek | faq | forum home

  volgend oudste onderwerp   volgende nieuwste onderwerp
»
» Mijn recente berichten « | » De actieve onderwerpen van vandaag « 		Goedzo?! NiMS Forum » Actueel » Veiligheid » CRITICAL: A DirectX threat

- UBBFriend: Email deze pagina naar iemand!    
Auteur Onderwerp: CRITICAL: A DirectX threat
LilWiz
life ain't hard, just don't make it hard


Beoordeeld:
5 		Icoon 1 geplaatst      Profiel voor LilWiz   Homepage     Stuur een nieuw prive bericht       Bewerk/Verwijder bericht   Reageer met Quotes 
Microsoft seems to have survived the MSBlast worm attack, but now the company is urging Windows users to patch their systems against a different, and potentially more dangerous, vulnerability in its software. Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could overshadow last week's events. On July 23, Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to the company, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.

The danger comes, says Microsoft, in a component of DirectX that relies on a library file called quartz.dll, which is used by a number of applications--including Internet Explorer--to play MIDI files. A specially designed MIDI file could cause a buffer overflow error and either pass control of the system to an attacker, cause damage to the system or use the system to set off another MSBlast-type attack. Russ Cooper, chief scientist at security company TruSecure, expects a worm or virus to take advantage of the vulnerability in the near future: "We are definitely afraid of the DirectX vulnerability."

The vulnerability, he said, is very widespread because few people have applied the patch for this. Cooper believes it could be exploited by a worm that uses several methods of spreading, similar to the way that MSBlast did.

Maximum Severity Rating: Critical

Recommendation: Customers should apply the security patch immediately

Affected Software:

- Microsoft DirectX® 5.2 on Windows 98
- Microsoft DirectX 6.1 on Windows 98 SE
- Microsoft DirectX 7.0a on Windows Millennium Edition
- Microsoft DirectX 7.0 on Windows 2000
- Microsoft DirectX 8.1 on Windows XP
- Microsoft DirectX 8.1 on Windows Server 2003
- Microsoft DirectX 9.0a when installed on Windows Millennium Edition
- Microsoft DirectX 9.0a when installed on Windows 2000
- Microsoft DirectX 9.0a when installed on Windows XP
- Microsoft DirectX 9.0a when installed on Windows Server 2003
- Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
- Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.

To fix this, either install DirectX 9.0b, which includes the fix, or see here

Install it now before it becomes another problem like MSBlaster!
Berichten: 3613 | Plaats: Venray | Geregistreerd: Jul 2002  |  IP: Gelogd | Rapporteer dit bericht aan een Moderator
   

Snelle Reactie
Bericht:

HTML staat uit.
UBB Code™ staat uit.

Kant en klare Graemlins
   


     » Mijn recente berichten « | » De actieve onderwerpen van vandaag «
Nieuw onderwerp  Reageer Sluit Onderwerp   Feature Onderwerp   Verplaats onderwerp   Verwijder onderwerp volgend oudste onderwerp   volgende nieuwste onderwerp
- Printer-versie van dit onderwerp
Spring naar:


Neem contact met ons op | Nims home

Copyright 2004 Ni-Frith Media Systems

Powered by Infopop Corporation
UBB.classic™ 6.7.0
Vertaald door NiMS