Thursday, August 21, 2003

Move Over MS03-026, its MS03-030 Turn

Well, you may have been one smart ones who patched your computer early and survived MSBlast worm without a problem. Now, you have to make sure your system is ready for next vulnerability (MS03-030) that may soon be exploited.

Microsoft patched this vulnerability On July 23, about the same time that it created the MS03-026 patch which prevents the MSBlast worm from infecting your computer. The security bulletin describes the patch as a "critical" vulnerability in DirectX. According to the Microsoft, unprotected systems can be exploited simply by playing a MIDI file or visiting a malicious web page.

The problem is in a DirectX component that relies in a library file called 'QUARTZ.DLL'. This DLL is used by several applications, including Internet Explorer to play MIDI files. All a malicious programmer has to do is a make a specially crafted MIDI file that can cause a buffer overflow error, which can allow an them to take control of your system, or cause some type of system damage

To protect yourself, do one of the steps below:

1. See the security bulletin: MS03-030 and download the patch for your version of Windows.

- OR -

2. Goto to the WindowsUpdate site install the latest patches.

No comments: