Tomas
Banned
Here's another one to check to make certain you are up-to-date.
(How often do these things come out? This make over 40 now this year.)
[ QUOTE ]
From the Ars Technica Newsdesk
DirectX attack anticipated
Posted 08/19/2003 @ 1:03 PM, by Matt Woodward
Right on the heels of the MSBlaster worm is another anticipated attack. This time the flawed code resides in DirectX code. ZDNet UK has the full story:
Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could completely overshadow last week's events. On 23 July Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.
The danger comes, says Microsoft, in a component of DirectX that relies on a library file called quartz.dll, which is used by a number of applications -- including Internet Explorer -- to play midi files. A specially designed midi file could cause a buffer overflow error and either pass control of the system to an attacker, cause damage to the system or use the system to set off another MSBlast-type attack.
Just like the RPC flaw that MSBlaster exploited, the patch for both have been out for quite some time now. If you have not updated your DirectX 9 Runtimes lately, maybe you should.
[/ QUOTE ]
(How often do these things come out? This make over 40 now this year.)
[ QUOTE ]
From the Ars Technica Newsdesk
DirectX attack anticipated
Posted 08/19/2003 @ 1:03 PM, by Matt Woodward
Right on the heels of the MSBlaster worm is another anticipated attack. This time the flawed code resides in DirectX code. ZDNet UK has the full story:
Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could completely overshadow last week's events. On 23 July Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.
The danger comes, says Microsoft, in a component of DirectX that relies on a library file called quartz.dll, which is used by a number of applications -- including Internet Explorer -- to play midi files. A specially designed midi file could cause a buffer overflow error and either pass control of the system to an attacker, cause damage to the system or use the system to set off another MSBlast-type attack.
Just like the RPC flaw that MSBlaster exploited, the patch for both have been out for quite some time now. If you have not updated your DirectX 9 Runtimes lately, maybe you should.
[/ QUOTE ]
