Results 1 to 9 of 9

Thread: 'Critical' flaw found in Windows

  1. #1
    Hmmm bed
    Join Date
    Jul 2003
    Posts
    441
    Thanks
    5
    Thanked
    0 times in 0 posts

    'Critical' flaw found in Windows

    Just a bit of news for ya. Thought was interesting ....

    Linky: http://news.bbc.co.uk/1/hi/technology/3092399.stm

    Microsoft has issued a warning about a critical security flaw that affects most versions of its Windows software.
    The flaw involves DirectX, an extensive collection of programming add-ons for Windows used by computer games.

    If exploited, the flaw could allow a malicious hacker to run their own specially crafted computer code to plant a virus or even take over a machine.

    Microsoft has given the flaw its highest severity rating.

    Music mayhem

    The flaw affects a large number of the versions of Microsoft Windows in use.

    Embarrassingly for Microsoft one of the products affected is Windows Server 2003.

    This was supposed to be much more secure as it was one of the first products to go through Microsoft's improved systems for weeding out bugs and security problems.

    On Windows Server 2003 the bug is only rated as "important" by Microsoft because the default settings would not allow such a program to be run.

    The vulnerability comes about because of the way that a part of DirectX, called DirectShow, handles MIDI or music files.

    MIDI, or Musical Instrument Digital Interface, defines a standardised way of swapping music information between computers, music keyboards and synthesisers.

    The flaw, found by eEye Security, would allow a specially crafted MIDI instruction to swamp the cache, or buffer, in DirectX and allow a hidden program within it to run on the target machine.

    Such buffer overflow bugs are quite a common way for malicious programs to infect a machine.

    Microsoft has issued an alert about the flaw and a patch to close the loophole. It said that currently there were no known exploits of the bug.

    The instruction could get into a computer by being put on a webpage.

    It can also be put into an e-mail message that uses web formatting.

    The DirectX flaw is the latest in a series of security problems that Microsoft has warned about over the last few weeks.

  2. #2
    Cable Guy Jonny M's Avatar
    Join Date
    Jul 2003
    Location
    Loughborough Uni
    Posts
    4,263
    Thanks
    0
    Thanked
    4 times in 1 post
    Thanks for the heads-up, getting my updates now.

  3. #3
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    738
    Thanked
    1,609 times in 1,048 posts
    Blimey - you get them in everything from MS these days !
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

  4. #4
    Jigsawing Menace
    Join Date
    Jul 2003
    Location
    Bracknell / Brighton
    Posts
    299
    Thanks
    0
    Thanked
    0 times in 0 posts
    Its such a mission having to continually test this updates with the software that runs on the systems to ensure that everything will continue to work after the update.

    *cries*


  5. #5
    Senior Member joshwa's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield, UK
    Posts
    4,854
    Thanks
    132
    Thanked
    67 times in 62 posts
    • joshwa's system
      • Motherboard:
      • PC Chips M577 AT/ATX
      • CPU:
      • AMD K6-2 500Mhz
      • Memory:
      • 128mb PC100 SDRAM
      • Storage:
      • 8GB Fujitsu
      • Graphics card(s):
      • 3dfx Voodoo 3 3000 AGP (16mb)
      • PSU:
      • ATX 500watt
      • Case:
      • Midi Tower AT
      • Operating System:
      • Windows 98 SE
      • Monitor(s):
      • 22" TFT Widescreen
    this is a major pain in the bum for people who run windows servers, becuase every week or 2 you're having to update the server, reboot etc, to keep it updated.

  6. #6
    Member
    Join Date
    Jul 2003
    Posts
    160
    Thanks
    0
    Thanked
    0 times in 0 posts
    TBH i've just come to accept that MS products have more holes than swiss cheese, the patches are so regular i have resorted to awaiting the service pack releases, having said that, i do have a NAT router and a decent firewall setup and my IP changes every 2 hours so i am not too worried about hackers, expliots are the worst but I usually don't run anything without knowing where it has come from and only 5 people have my proper email address all emails on my normal account are usually just flushed every few days. I've never had any problems yet...


  7. #7
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    738
    Thanked
    1,609 times in 1,048 posts
    Originally posted by LoopyJuice
    TBH i've just come to accept that MS products have more holes than swiss cheese, the patches are so regular i have resorted to awaiting the service pack releases, having said that, i do have a NAT router and a decent firewall setup and my IP changes every 2 hours so i am not too worried about hackers, expliots are the worst but I usually don't run anything without knowing where it has come from and only 5 people have my proper email address all emails on my normal account are usually just flushed every few days. I've never had any problems yet...
    Yup, the best weapon in computer security is usualy common sence

  8. #8
    If your 5555... Swafe's Avatar
    Join Date
    Jul 2003
    Location
    Then I'm...
    Posts
    6,666
    Thanks
    0
    Thanked
    0 times in 0 posts
    sheesh another?

    i might as well buy a giant patch these days instead of windows, i dont think much of windows is left, everythings been patched
    Quote Originally Posted by Knoxville
    As I find big muff's to be a bit of an aquired taste
    AMD Athlon 4400X2 @ 2.565PenisextentionMhz
    Dual Layer, Gold Plated, LED Power,Dual Golden OMG IT MAKES MY CodPiece BIGGER 1-1-1-1 DDR62.3 @ 1222.3433Mhz
    5 X 400GB Porn Array
    X1800XT Dildo enchanged 3D Version, 512MegaLongJohn
    Oh, did I mention.....I like sheep.....


    WWW.MrsBurley.CO.UK
    now updated

  9. #9
    By-Tor with sticks spikegifted's Avatar
    Join Date
    Jul 2003
    Location
    still behind the paddles
    Posts
    921
    Thanks
    0
    Thanked
    1 time in 1 post
    See, this is the problem with dominance... When your product has a near monopoly in the market, everyone (and I mean anyone who can) will take a shot at it... If enough people take enough pot-shots at it, someone, somewhere will find cracks in the armor!
    Caution: Cape does not enable user to fly. - Batman costume warning label (Rolfe, John & Troob, Peter, Monkey Business (Swinging Through the Wall Street Jungle), 2000)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •