Microsoft Security Bulletin MS03-030 - 819696

TheMSsForum.com: The Microsoft Software Forum

Title: Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Date: July 23, 2003
Software:
Microsoft DirectX® 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.0a on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.1 on Windows XP
Microsoft DirectX 8.1 on Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows Millennium Edition
Microsoft DirectX 9.0a when installed on Windows 2000
Microsoft DirectX 9.0a when installed on Windows XP
Microsoft DirectX 9.0a when installed on Windows Server 2003
Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet
Explorer 6 Service Pack 1 installed.
Microsoft Windows NT 4.0, Terminal Server Edition with either Windows Media
Player 6.4 or Internet Explorer 6 Service Pack 1 installed.
Impact: Allow an attacker to execute code on a user's system
Maximum Severity Rating: Critical
Bulletin: MS03-030

The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-030

What Is It?
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-030 which concerns a vulnerability in the products listed
above. Customers are advised to review the information in the bulletin,
test and deploy the patch immediately in their environments, if applicable.

More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-030.asp

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety (1-866-727-2338).
International customers should contact their local subsidiary.




--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and confers no rights.
Top

Re: Microsoft Security Bulletin MS03-030 - 819696 by Jak

Jak
Thu Jul 24 08:04:16 CDT 2003

Do I unerstand this bulletin correctly that DirectX 8.1 on=20
a Windows 98 SE system is not affected?

Thanks for your help.

Jak

>-----Original Message-----
>Title: Unchecked Buffer in DirectX Could Enable System=20
Compromise (819696)
>Date: July 23, 2003
>Software:
>Microsoft DirectX=AE 5.2 on Windows 98
>Microsoft DirectX 6.1 on Windows 98 SE
>Microsoft DirectX 7.0a on Windows Millennium Edition
>Microsoft DirectX 7.0 on Windows 2000
>Microsoft DirectX 8.1 on Windows XP
>Microsoft DirectX 8.1 on Windows Server 2003
>Microsoft DirectX 9.0a when installed on Windows=20
Millennium Edition
>Microsoft DirectX 9.0a when installed on Windows 2000
>Microsoft DirectX 9.0a when installed on Windows XP
>Microsoft DirectX 9.0a when installed on Windows Server=20
2003
>Microsoft Windows NT 4.0 with either Windows Media Player=20
6.4 or Internet
>Explorer 6 Service Pack 1 installed.
>Microsoft Windows NT 4.0, Terminal Server Edition with=20
either Windows Media
>Player 6.4 or Internet Explorer 6 Service Pack 1=20
installed.
>Impact: Allow an attacker to execute code on a user's=20
system
>Maximum Severity Rating: Critical
>Bulletin: MS03-030
>
>The Microsoft Security Response Center has released=20
Microsoft Security
>Bulletin MS03-030
>
>What Is It?
>The Microsoft Security Response Center has released=20
Microsoft Security
>Bulletin MS03-030 which concerns a vulnerability in the=20
products listed
>above. Customers are advised to review the information in=20
the bulletin,
>test and deploy the patch immediately in their=20
environments, if applicable.
>
>More information is now available at
>http://www.microsoft.
com/technet/security/bulletin/MS03-030.asp
>
>If you have any questions regarding the patch or its=20
implementation after
>reading the above listed bulletin you should contact=20
Product Support
>Services in the United States at 1-866-PCSafety=20
(1-866-727-2338).
>International customers should contact their local=20
subsidiary.
>
>
>
>
>--=20
>Regards,
>
>Jerry Bryant - MCSE, MCDBA
>Microsoft IT Communities
>
>Get Secure! www.microsoft.com/security
>
>
>This posting is provided "AS IS" with no warranties, and=20
confers no rights.
>
>
>.
>
Top

Re: Microsoft Security Bulletin MS03-030 - 819696 by Jerry

Jerry
Thu Jul 24 09:36:05 CDT 2003

It is affected but there is no patch. According to the=20
bulletin, you must upgrade to DirectX 9.0b or if you have=20
DirectX 9.0a, there is a patch for that. 9.0b includes=20
the patch.

9.0b download:
http://microsoft.com/downloads/details.aspx?
FamilyId=3D141D5F9E-07C1-462A-BAEF-
5EAB5C851CF5&displaylang=3Den

--=20
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security


This posting is provided "AS IS" with no warranties, and=20
confers no rights.


>-----Original Message-----
>Do I unerstand this bulletin correctly that DirectX 8.1=20
on=20
>a Windows 98 SE system is not affected?
>
>Thanks for your help.
>
>Jak
>
>>-----Original Message-----
>>Title: Unchecked Buffer in DirectX Could Enable System=20
>Compromise (819696)
>>Date: July 23, 2003
>>Software:
>>Microsoft DirectX=AE 5.2 on Windows 98
>>Microsoft DirectX 6.1 on Windows 98 SE
>>Microsoft DirectX 7.0a on Windows Millennium Edition
>>Microsoft DirectX 7.0 on Windows 2000
>>Microsoft DirectX 8.1 on Windows XP
>>Microsoft DirectX 8.1 on Windows Server 2003
>>Microsoft DirectX 9.0a when installed on Windows=20
>Millennium Edition
>>Microsoft DirectX 9.0a when installed on Windows 2000
>>Microsoft DirectX 9.0a when installed on Windows XP
>>Microsoft DirectX 9.0a when installed on Windows Server=20
>2003
>>Microsoft Windows NT 4.0 with either Windows Media=20
Player=20
>6.4 or Internet
>>Explorer 6 Service Pack 1 installed.
>>Microsoft Windows NT 4.0, Terminal Server Edition with=20
>either Windows Media
>>Player 6.4 or Internet Explorer 6 Service Pack 1=20
>installed.
>>Impact: Allow an attacker to execute code on a user's=20
>system
>>Maximum Severity Rating: Critical
>>Bulletin: MS03-030
>>
>>The Microsoft Security Response Center has released=20
>Microsoft Security
>>Bulletin MS03-030
>>
>>What Is It?
>>The Microsoft Security Response Center has released=20
>Microsoft Security
>>Bulletin MS03-030 which concerns a vulnerability in the=20
>products listed
>>above. Customers are advised to review the information=20
in=20
>the bulletin,
>>test and deploy the patch immediately in their=20
>environments, if applicable.
>>
>>More information is now available at
>>http://www.microsoft.
>com/technet/security/bulletin/MS03-030.asp
>>
>>If you have any questions regarding the patch or its=20
>implementation after
>>reading the above listed bulletin you should contact=20
>Product Support
>>Services in the United States at 1-866-PCSafety=20
>(1-866-727-2338).
>>International customers should contact their local=20
>subsidiary.
>>
>>
>>
>>
>>--=20
>>Regards,
>>
>>Jerry Bryant - MCSE, MCDBA
>>Microsoft IT Communities
>>
>>Get Secure! www.microsoft.com/security
>>
>>
>>This posting is provided "AS IS" with no warranties,=20
and=20
>confers no rights.
>>
>>
>>.
>>
>.
>
Top