Microsoft seems to have survived the MSBlast worm attack, but now the company is urging Windows users to patch their systems against a different, and potentially more dangerous, vulnerability in its software. Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could overshadow last week's events. On July 23, Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to the company, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.
The danger comes, says Microsoft, in a component of DirectX that relies on a library file called quartz.dll, which is used by a number of applications--including Internet Explorer--to play MIDI files. A specially designed MIDI file could cause a buffer overflow error and either pass control of the system to an attacker, cause damage to the system or use the system to set off another MSBlast-type attack. Russ Cooper, chief scientist at security company TruSecure, expects a worm or virus to take advantage of the vulnerability in the near future: "We are definitely afraid of the DirectX vulnerability."
The vulnerability, he said, is very widespread because few people have applied the patch for this. Cooper believes it could be exploited by a worm that uses several methods of spreading, similar to the way that MSBlast did.
Source:
http://zdnet.com.com/
Download: DirectX 9.0b End-User Runtime (includes fix):
http://download.microsoft.com/downlo...dxwebsetup.exe
Security Bulletin:
http://www.microsoft.com/technet/tre...n/ms03-030.asp
Threaded Mode