RealTime IT News

Microsoft Plugs 'Critical' DirectX Flaw

Microsoft late Wednesday released a trio of security patches to plug holes in software products used by millions of customers.

The most serious flaw involves a buffer overflow in DirectX, which is used for multimedia support in Windows programs, including most games running on Microsoft platforms. Microsoft warned that the vulnerability, which carries a 'critical' rating, could allow an attacker to completely take over a machine.

DirectX consists of a set of Application Programming Interfaces (APIs) used by Windows programs. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation, and rendering. In its advisory, Microsoft said two buffer overruns in DirectShow make it possible for a malicious user to execute code in the security context of the logged-on user.

Affected software includes DirectX 5.2 on Windows 98, DirectX 6.1 on Windows 98 SE, DirectX 7.0a on Windows Millennium Edition, DirectX 7.0 on Windows 2000, DirectX 8.1 on Windows XP and DirectX 8.1 on Windows Server 2003. DirectX 9.0a, when installed on Windows Server 2003, was also vulnerable.

It is the second 'critical' security hole detected in the newest Windows Server 2003 product.

Microsoft warned that an attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file and hosting it on a Web site or on a network share, or by sending it in an HTML-based e-mail.

"If the file was embedded in a page, the vulnerability could be exploited when a user visited the Web page. In the HTML-based e-mail case, the vulnerability could be exploited when a user opened or previewed the HTML-based e-mail. A successful attack could cause DirectShow, or an application making use of DirectShow, to fail. A successful attack could also cause an attacker's code to run on the user's computer in the security context of the user," the company said, urging DirectX users to apply the patch immediately.

In a separate alert, Microsoft said a flaw was found in a Windows NT 4.0 Server file management function that can cause a denial-of-service vulnerability. Affected software includes Windows NT 4.0 Server and Windows NT 4.0 Terminal Server Edition.

"The flaw results because the affected function can cause memory that it does not own to be freed when a specially crafted request is passed to it. If the application making the request to the function does not carry out any user input validation and allows the specially crafted request to be passed to the function, the function may free memory that it does not own. As a result, the application passing the request could fail," the company said. The vulnerability carries a 'moderate' rating.

A third advisory included a cumulative patch to fix three newly discovered holes in the Microsoft SQL Server product. System administrators using SQL Server 7.0, SQL Server 2000, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) and SQL Server 2000 Desktop Engine (Windows) are urged to upgrade immediately.