MS Patches 'Moderate' DirectX Flaw
Patches Issued for DirectX, Crystal Reports
Ryan Naraine
A security flaw in one of Microsoft's widely deployed DirectX application programming interfaces (APIs) could leave computer games at risk of denial-of-service attacks, the company warned on Tuesday.
The DirectX vulnerability, which carries a "moderate" severity rating, affects the IDirectPlay4 API used in network-based multi-player games.
Microsoft says the flaw exists in the implementation of the IDirectPlay4 API of DirectPlay because of a lack of robust packet validation. "If a user is running a networked DirectPlay application, an attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail. The user would have to restart the application to resume functionality," the company said in an advisory.
Affected software includes DirectX on Windows Server 2003, Windows XP, Windows 2000, Windows Millennium Edition (Me), and Windows 98 platforms.
The software giant also issued a security fix for a problem in its Crystal Reports Web Form Viewer that could put users at risk of data loss and denial-of-service attacks.
The flaw, which also carries a "moderate" severity rating, affects customers who use Microsoft Visual Studio .NET 2003; Outlook 2003 with Business Contact Manager; or Microsoft Business Solutions Customer Relationship Management (CRM) 1.2.
"An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system. The number of files that are impacted by this vulnerability would depend on the security context of the affected component that is used by the Crystal Web viewer," Microsoft warned.