Slashdot Mirror


DirectX Flaw Leaves Windows Vulnerable

cryonic*angel writes "Just when you thought it was safe to start buying music from BuyMusic, another another Windows security flaw is found, in DirectX this time, that basically affects every possible windows configuration that is still supported. I wonder, will they indemnify me for this?"

17 of 530 comments (clear)

  1. Tough one... by WD_40 · · Score: 5, Funny

    Let's see, pay for music and get F'ed... download for free and be fine (as long as you don't share).

    --

    "With sufficient thrust, pigs fly just fine." -- RFC 1925

    1. Re:Tough one... by dimer0 · · Score: 4, Funny

      So, let me see if I have this right - you think that files off a pay-for-music download site are more likely to be infected vs. files on Kazaa?

      For those of us who are running Mozilla and not IE, etc, buymusic.com's home page has a quite amusing message:

      ---

      Thank you for visiting BuyMusic.com.

      In order to take full advantage of BuyMusic.com's offerings you must be on a Windows Operating System using Internet Explorer version 5.0 or higher.

      --- /That's/ the point the poster was making.

  2. Microsoft software has security flaw... what's new by advocate_one · · Score: 5, Funny

    move along now folks... nothing new here...
    mind you... the particular buffer overflow is unusual...MIDI files... who'd have thought???

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  3. Hmmm... by chrisgeleven · · Score: 5, Funny

    Only every single supported version of Windows has this flaw? Thank God, I thought I was in trouble here.

  4. Will they indemnify me? by SoTuA · · Score: 5, Funny

    Har Har Har! Yeah, they'll indemnify up to the price you paid for DirectX...

    You have to give M$ some credit though... finally, a security flaw where you don't have to care if you are using Win95a, win98blah, Win2k, Win2k SP1e92, WinXP, WinYP, whatever. A *cross-platform* security issue, if you will. ;)

  5. Great. by grub · · Score: 5, Funny


    A MIDI overflow? That means no more visits to most Geocities pages.

    --
    Trolling is a art,
  6. Re:patch me up baby! by GammaTau · · Score: 5, Funny

    Well, you know what they say about downloading and applying Windows patches...

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

  7. MIDI by ciryon · · Score: 5, Funny

    Cool, Then you can construct some kind of hacked MIDI keyboard that just plugs into the computer you want to compromise. Press B# three times and you get the admin password.

    Ciryon

  8. Re:Received the Update Notification and Fixed by FrostedWheat · · Score: 4, Funny

    My Win2k solution

    If that was the solution, what the heck was the problem?!

  9. Re:patch me up baby! by Chester+K · · Score: 5, Funny

    I'm quite sure there is a patch up already on windows update. My computer was patched just hours ago. I really don't see anything special about this story. What's so special about this flaw?

    It's a Microsoft bug, it doesn't matter how important it is. You're supposed to be foaming at the mouth and making sweeping statements about how this proves open source is better! Don't you know what website you're on?

    --

    NO CARRIER
  10. "Unsually wide spread"?!?! by thepacketmaster · · Score: 4, Funny

    He doesn't know Microsoft very well, does he? :-)

    --

    --

    Luck is just skill you didn't know you had.

  11. Re:MOD PARENT UP by Latent+IT · · Score: 4, Funny

    After uninstallation of the IIS update, OpenGL started working again. Trustworthy Computing, my balls.

    It is trustworthy! You can trust it not to work!

    Ba-dum-bup! (rimshot)

    Thanks folks! I'll be here all week! Try the veal!

  12. Re:patch me up baby! by Realistic_Dragon · · Score: 4, Funny
    Don't you know what website you're on?

    Microsoft Security Bulletin MS03-035

    Flaw in Internet Explorer Could Cause Website Name Not To Appear (823803)

    Originally posted: July 23, 2003

    Summary

    Who should read this bulletin: All users of Microsoft® Windows®

    Impact of vulnerability: User may become disorientated on the internet

    Maximum Severity Rating: Moderate

    Recommendation: Administrators of Windows computers should consider applying the update patch.

    Affected Software:

    * Microsoft Windows NT 4.0 Server

    * Microsoft Windows NT 4.0 Terminal Server Edition

    * Microsoft Windows 2000

    * Microsoft Windows XP

    * Microsoft Windows Server 2003

    Technical details

    Technical description:

    A flaw exists in all versions of Internet Explorer that could cause the name of the website being visited not to be displayed.
    --
    Beep beep.
  13. Re:patch me up baby! by FatherOfONe · · Score: 5, Funny

    Man how true it is. I can't believe all the people here that bash Microsoft for their apparent lack of security. I mean whats the problem with checking for patches for your server every hour or so? Even if some of the patches are so bad they crash apps on your server and prevent others from starting. I mean, what is the big deal?

    Hang on a second... it has been 30 seconds since I last checked Microsoft for another security update...

    Ok, I now have another 90MB file I need to apply to the 200 NT boxes I have.... Like I was saying what the heck is the big deal? So what that most vendors release stuff on NT boxes that requires certain service packs, and won't work with others? Yeah this makes server consoldation impossible but who really cares? It isn't that big of a deal, just buy another box. Heck we plan on buying another hundred or so this year.

    Hang on a second it has been another 5 min since my last check at Microsoft for another update...

    Wow only two new updates! This is a first! Now, as I was saying, these open source "Quality is important" types are just zealots. They just don't understand that it isn't that big of a deal to support Windows.

    Sorry, hang on a second... a new Worm just hit or email server...

    Now where was I? Oh yeah, the advantages of running Windows... You have one consistant platform. Well we will when we finally get our 200 NT boxes upgraded to Win2k server. Dag gone it, I have to go and talk to our Microsoft rep again... be back in 15 min...

    Ok I just found out that Windows 2003 server is out now and EVERYONE is going to it. The nice thing is that Microsoft will let us keep running our Win2k servers until the end of the year! Yeah I would like to see what you open source people say about that! See Microsoft isn't bad at all. They even told us that we could run 2003 Server for a full 3 years! Man that will make life great!

    So let all the bitching begin about Microsoft over one SMALL bug! They just don't know what they are talking about...

    --
    The more I learn about science, the more my faith in God increases.
  14. Dear Windows Users by Letter · · Score: 5, Funny

    Dear Windows Users,

    <EMBED SRC="h4x0r3d.mid" HEIGHT=200 WIDTH=55></EMBED>

    Yours,
    B. Overflow

  15. Re:More technical Info. by crivens · · Score: 4, Funny

    You'll probably find that your story wasn't sensational enough for it to be accepted, rather than the one that was.

  16. Re:patch me up baby! by drunk_as_in_beer · · Score: 5, Funny

    What's so special about this flaw?

    What's so special is you actually *don't* have to reboot after applying the patch.

    --
    --Drunk as in Beer