Slashdot Mirror

← Back to Stories (view on slashdot.org)

DirectX Flaw Leaves Windows Vulnerable

Posted by michael on from the windows-update-time-again dept.

cryonic*angel writes "Just when you thought it was safe to start buying music from BuyMusic, another another Windows security flaw is found, in DirectX this time, that basically affects every possible windows configuration that is still supported. I wonder, will they indemnify me for this?"

6 of 530 comments (clear)

  1. Re:patch me up baby! by Krilomir · · Score: 3, Interesting

    I'm quite sure there is a patch up already on windows update. My computer was patched just hours ago. I really don't see anything special about this story. What's so special about this flaw?

  2. Re:Windows ... by iapetus · · Score: 5, Interesting

    I'd like to. Could you recommend an alternative operating system that hasn't had a single security problem in a year, and has been adding new functionality over that period?

    --
    ++ Say to Elrond "Hello.".
    Elrond says "No.". Elrond gives you some lunch.
  3. Re:Wha... by chill · · Score: 4, Interesting

    Last I checked, as annoying as the feature is, the ability to have IE play MIDI files autonomyously is still there; a friend sent a link to me last night with a lovely display of world architecture and sappy MIDI music playing in the background...

    That's the kicker. I know a LOT of sites that do this. A couple of financial services sites I frequent have Registered Reps that seem to think a MIDI that runs in the background lends "ambiance" or some such to their site. They INSIST on it.

    --
    Learning HOW to think is more important than learning WHAT to think.
  4. Why was there no mention of the RPC flaw? by burgburgburg · · Score: 3, Interesting
    The Last Stage of Delirium Research Group (LSD) has announced and Microsoft has confirmed and released patches for a critical flaw in the RPC Interface implementation in all recent versions of Windows. This includes NT 4.0, 2000, XP and Server 2003 (regardless of the service packs installed). As reviewed in this TechTarget article, the exploit creates a buffer overflow that could allow remote attackers to run commands with the highest system privileges. Applying the new patch and/or blocking port 135 (turned on by default on many Windows systems) are the solutions.

    LSD has produced two proof of concept exploit codes (which they have not released)which they were able to get to work even with Server 2003 and it's new buffer overflow prevention mechanism. The nature of the flaw makes it ripe for exploitation by a worm.

    As discussed here, the reports are unusually embarrassing as they affect Server 2003, Microsoft's most powerful and safest software yet. It is ironic that the announcement comes one day after the Homeland Security Department announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency.

  5. :Actually its been known for a long time ago, but by ratfynk · · Score: 3, Interesting
    Actually its been known for a long time, but the software writers just have to put up with it, use DirectX or your midi interface will not work, or worse still it might until some user goes and loads the newest MS DirectX. So you play along with the DirectX game or your software will not work. The usual MS bullshit.
    DirectX controls have been a problem in music notation software for years.
    Maybe now someone will write a real piece of music notation software that doesn't use f'ing midi timing to set note placement. One of my main peeves with commercial notation software.

    I have seen the possibility that midi could be used as a hack for years! In fact a little friend of mine has used this exploit to demonstrate a flaw in the whole concept of midi as a scripting control. He has written a replacement algorythm that directly generates wave at the processor level and then sends it to the sound card without the use of shitty DirectX. DirectX sucks for security and flexability always has and always will, because of its fork processes. I personaly do not care if my notation software can make sound, so I just have to put up with useless junk midi. Read my journal entry about more music #32862

    --
    OH THE SHAME I fell off the wagon and use sigs again!
  6. Windows security hole counter by forgetmenot · · Score: 4, Interesting

    Instead of posting every single security flaw in windows to slashdot (I mean seriously... we KNOW they exist don't we? It's not exactly "news" and there ARE other sites for them) to be flamed to pieces how about just have a little "counter" somewhere on the main page.. along with a date the user can set in his/her settings. Increment it everytime a new flaw is found so that it keeps a running tally. Number of Windows flaws since . Fun AND informative. Sorta.