A security flaw in one of Microsoft’s widely deployed
DirectX application programming interfaces (API) could put users
at risk of denial-of-service attacks, the company warned on Tuesday.
The DirectX vulnerability, which carries a “moderate” severity rating, affects
the IDirectPlay4 API used in network-based multi-player games.
Microsoft said the flaw exists in the implementation of the IDirectPlay4
API of DirectPlay because of a lack of robust packet validation. “If a user
is running a networked DirectPlay application, an attacker who successfully
exploited this vulnerability could cause the DirectPlay application to fail.
The user would have to restart the application to resume functionality,” the
company said in an advisory.
Affected software includes Windows Server 2003, Windows XP, Windows 2000,
Windows Millennium Edition (Me) and Windows 98.
The software giant also issued a security fix for a problem in its Crystal Reports Web Form Viewer that could
put users at risk of data loss and denial-of-service attacks.
The flaw, which also carries a “moderate” severity rating, affects
customers who use Microsoft Visual Studio .NET 2003; Outlook 2003 with
Business Contact Manager and Microsoft Business Solutions Customer
Relationship Management (CRM) 1.2.
“An attacker who successfully exploited the vulnerability could retrieve
and delete files through the Crystal Reports and Crystal Enterprise Web
viewers on an affected system. The number of files that are
impacted by this vulnerability would depend on the security context of the
affected component that is used by the Crystal Web viewer,” Microsoft
warned.