Serious Security Threat

Our co-location facility has issued a warning about what they believe to be an extremely serious threat to network security. They are of the opinion (as are others) that the Microsoft DirectX Buffer Overflow may be used in a broad attack on the internet, and they feel that there are precursors to a potential broad attack. Here is their missive:

SUBJECT:

Two new Microsoft DirectX Buffer Overflow Vulnerabilities discovered.

AFFECTED VERSIONS:

  • Microsoft DirectX® 5.2 on Windows 98
  • Microsoft DirectX 6.1 on Windows 98 SE
  • Microsoft DirectX 7.0a on Windows Millennium Edition
  • Microsoft DirectX 7.0 on Windows 2000
  • Microsoft DirectX 8.1 on Windows XP
  • Microsoft DirectX 8.1 on Windows Server 2003
  • Microsoft DirectX 9.0a when installed on Windows Millennium Edition
  • Microsoft DirectX 9.0a when installed on Windows 2000
  • Microsoft DirectX 9.0a when installed on Windows XP
  • Microsoft DirectX 9.0a when installed on Windows Server 2003
  • Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
  • Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed.

BOTTOM LINE UP FRONT:

There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. This overrun allows a malicious user to execute code in the security context of the logged-on user.

DETAILS:

An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it by using an HTML-based e-mail. In the case where the file was hosted on a Web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page the vulnerability could be exploited when a user visited the Web page. In the HTML-based e-mail case, the vulnerability could be exploited when a user opened or previewed the HTML-based e-mail. A successful attack could cause DirectShow, or an application making use of DirectShow, to fail. A successful attack could also cause an attacker’s code to run on the user's computer in the security context of the user.

TECHNICAL RECOMMENDATION:

It is recommended that system administrators download, test and apply the security patch.

DOWNLOAD LOCATIONS FOR THIS PATCH:

  • Microsoft DirectX 5.2, DirectX 6.1 and DirectX 7.0a on Windows 98, Windows 98 SE and Windows Millennium Edition
  • Note: Windows 98, Windows 98 SE and Windows Millennium Edition users who are running a version of DirectX earlier than DirectX 9.0a must upgrade to DirectX 9.0b.
  • Microsoft DirectX 7.0 on Windows 2000
  • Microsoft DirectX 8.1 on Windows XP 32-bit Edition
  • Microsoft DirectX 8.1 on Windows XP 64-bit Edition
  • Microsoft DirectX 8.1 on Windows Server 2003 32-bit Edition
  • Microsoft DirectX 8.1 on Windows Server 2003 64-bit Edition
  • Microsoft DirectX 9.0a: All Windows versions
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0, Terminal Server Edition
  • All Windows Versions except Windows NT 4.0

Note: DirectX 9.0b has been released at the same time as this security bulletin and contains the security fix discussed in the security bulletin. DirectX 9.0b can be installed on all versions of Windows except Windows NT 4.0.

Disclaimer: The information contained in this message is relayed to you as a service of DBR. We do not vouch for the accuracy of the information, and certainly do not guarantee or warrant the correct behavior of your system. We strongly advise all readers of DBR to be fully aware of all potential security threats to their system, and encourage them in being proactive in protecting their computer systems, network, and the Internet.

www.windowsupdate.com is also a good site to visit to see if your machine needs to have patches installed.

Possible hack attack links:

  • Australia IT
  • BBC
  • San Jose Mercury News
  • Computerworld
  • Internet News
  • PC World
  • Knoxville News Sentinel
  • Houston Chronicle
  • Sydney Morning Herald
  • Toronto Star
  • The Star (Malaysia)
  • Washington Post