Continuing its recent run of security updates, Microsoft announced the latest batch of patches, affecting PCs running anything from the slowly disappearing Windows 98 to the newest Windows Server 2003 operating system.
On Wednesday, the software maker warned of a critical vulnerability in its DirectX multimedia package, which handles graphics acceleration, sound output and input devices such as joysticks. The buffer overrun flaw, discovered by California-based firm eEye Digital Security, lies in how DirectX handles MIDI (Musical Instrument Digital Interface) files. A specially malformed MIDI file, which an attacker could potentially place on the Internet or send by e-mail, could lead to execution of arbitrary program code embedded in the file.
The vulnerability affects DirectX versions from 5.2 to the latest 9.0a, regardless of the operating system. Microsoft has made available free patches for all susceptible DirectX products. The company is urging customers to immediately implement the latest updates and secure their PCs.
In addition, two more security patches have been released, rated "important" and "moderate," respectively. A cumulative update for Microsoft SQL Server and Microsoft Data Engine fixes three newly uncovered vulnerabilities, while a Windows NT 4.0 patch eliminates a flaw that could allow a successful Denial-of-Service (DoS) attack.
In recent weeks, Microsoft has released numerous critical security patches for its flagship Windows operating system. In July, the world's largest software company admitted attackers could execute code of their choice by exploiting flaws in Windows' Distributed Component Object Model (DCOM) interface and an HTML conversion utility shipped with all versions of the OS. Although Microsoft faces criticism of its Trustworthy Computing Initiative, which is aimed at tightening the security of its products, some analysts have also commended the company's approach to dealing with security threats and its improved relationships with security researchers.
Svetlozar Online encourages all Microsoft customers to download and install the latest security updates for their products, either from the Windows Update web site or from the download links in Microsoft's security bulletins.