News

DirectX 9.0 Vulnerability Patch Available

Attackers able to exploit flaw to cause Denial of Service

According to a report published on a game Web site, PC systems running DirectX 9.0 have a security flaw that may cause interruptions and denial of service for users of those systems. A link to the Microsoft tech pages for Windows downloads confirms the flaw.

A critical patch has been released for DirectX 9.0. It prevents exploitation of a vulnerability in the DirectPlay component of DX9.0 that could be used to cause a denial of service. Gamers who are running DirectX 9.0 are strongly advised to install the patch, which is available at http://www.microsoft.com/technet/security/bulletin/ms04-016.mspx.

According to the Microsoft Web site:

"This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.

"If a user is running a networked DirectPlay application, an attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail. The user would have to restart the application to resume functionality."

Details about the vulnerability, as available through the patch site, state:

  • What might an attacker use the vulnerability to do?
    An attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail, which would interrupt its normal operation. The user would have to restart the application for functionality to resume.

  • Who could exploit the vulnerability?
    Any anonymous user who could locate a system that is running a version 4 implementation of a DirectPlay-based application, establish a connection and deliver a malformed packet to the affected system could try to exploit this vulnerability.

  • How could an attacker exploit the vulnerability?
    An attacker could exploit the vulnerability by creating a malformed packet, establishing a connection and sending the packet to an affected system, which could then cause the DirectPlay application to fail.

  • What systems are primarily at risk from the vulnerability?
    Because the affected component is within the DirectPlay network technology, systems that are used for multi-player network gaming are primarily at risk from this vulnerability.

 

 

 


 


