Widespread Windows Hole Discovered
The vulnerability lies in the DirectX technology that is included with Windows and is used to run multimedia presentations. One of the technologys components, DirectShow, contains two buffer overruns in the function that is used to check parameters in MIDI files.
An attacker who could create a malicious MIDI file and entice a user into opening it or visiting a Web page containing the file would be able to execute any code he chose on the users machine. The code would run in the security context of the user.
The weakness affects several different versions of DirectX in various configurations and is the second serious problem to affect Windows Server 2003 in the past week. Microsoft last week had to issue a patch for a vulnerability in the Remote Procedure Call (RPC) protocol that handles message exchanges over TCP/IP. The vulnerability, which arises because of incorrect handling of error messages, affects a particular Distributed Component Object Model interface with RPC.
Both flaws are considered critical. However, the default configuration of Windows Server 2003 prevents the e-mail attack on the DirectX flaw from working. The patch for this vulnerability is here.
Microsoft, based in Redmond, Wash., also released a cumulative patch for SQL Server that eliminates three new vulnerabilities and a fix for a vulnerability in a Windows NT 4.0 file management function.