
SANS ISC: Microsoft Updates 2 DirectX Bulletins - Internet Security | DShield SANS ISC InfoSec Forums


Microsoft Updates 2 DirectX Bulletins

Microsoft has issued a "Security Bulletin Major Revision" involving its DirectX products. The revisions cover the following two previously released bulletins and particularly affect administrative users, because a successful compromise gives the attacker the rights of the logged-on user.

MS08-033   Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as critical and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file.  http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx

MS07-064   Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated critical and has been updated to reflect DirectX 9.0 and 9.0a as affected software.  This vulnerability can be exploited through a specially crafted media file via streaming.  http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx

Yet another opportunity to remind administrators to try not to log in with admin rights unless it is absolutely necessary. It is much better to use a non-admin profile for routine tasks and surfing. And yes, it might be more cumbersome, but it is surely more secure.

Mari Nichols

"Yet another opportunity to remind administrators to try not to log in with admin rights unless it is absolutely necessary."
(I am only a bit advanced in using a home PC, but) I think that this is why the "alterego" project from SPYBOT may be interesting for IT-profs?!
Henrik

about the project:
http://forums.spybot.info/showpost.php?p=180248&postcount=1
Henrik

