Jump to content

'Critical' flaw found in Windows

bongme

By bongme
in Computers, Games and Internet

 Share

Recommended Posts

bongme Resin Coated

bongme

Posted
Posted

hi

_39317321_dx-bbc203.jpg

The bug comes about through music files

Thursday, 24 July, 2003

Microsoft has issued a warning about a critical security flaw that affects most versions of its Windows software.

The flaw involves DirectX, an extensive collection of programming add-ons for Windows used by computer games.

If exploited, the flaw could allow a malicious hacker to run their own specially crafted computer code to plant a virus or even take over a machine.

Microsoft has given the flaw its highest severity rating.

Music mayhem

The flaw affects a large number of the versions of Microsoft Windows in use.

Embarrassingly for Microsoft one of the products affected is Windows Server 2003.

This was supposed to be much more secure as it was one of the first products to go through Microsoft's improved systems for weeding out bugs and security problems.

On Windows Server 2003 the bug is only rated as "important" by Microsoft because the default settings would not allow such a program to be run.

VULNERABLE SOFTWARE

DirectX 5.2 on Windows 98

DirectX 6.1 on Windows 98 SE

DirectX 7.0a on Windows Me

DirectX 7.0 on Windows 2000

DirectX 8.1 on Windows XP

DirectX 8.1 on Windows Server 2003

DirectX 9.0a on Windows 2000

DirectX 9.0a on Windows XP

DirectX 9.0a on Windows Server 2003

DirectX 9.0a on Windows Me

NT 4.0 using Media Player 6.4 or Internet Explorer 6 Service Pack 1

NT 4.0 Terminal Server Edition using either Media Player 6.4 or Internet Explorer 6 Service Pack 1

The vulnerability comes about because of the way that a part of DirectX, called DirectShow, handles MIDI or music files.

MIDI, or Musical Instrument Digital Interface, defines a standardised way of swapping music information between computers, music keyboards and synthesisers.

The flaw, found by eEye Security, would allow a specially crafted MIDI instruction to swamp the cache, or buffer, in DirectX and allow a hidden program within it to run on the target machine.

Such buffer overflow bugs are quite a common way for malicious programs to infect a machine.

Microsoft has issued an alert about the flaw and a patch to close the loophole. It said that currently there were no known exploits of the bug.

The instruction could get into a computer by being put on a webpage.

It can also be put into an e-mail message that uses web formatting.

The DirectX flaw is the latest in a series of security problems that Microsoft has warned about over the last few weeks.

Bongme

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

Cream of the Crop since 1999. © UK420.com 2024

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use