Another Day, Another Pack of 'Critical' Security Holes: Microsoft

Microsoft issued another series of security hole warnings Wednesday, this time highlighting music files played by the graphics and programming instruction library used by PC games, and advising that malicious users could run their own code on vulnerable computers.

The good news: Default settings in recent Outlook and Internet Explorer versions automatically prevent such files from launching, according to Microsoft.

ZDNet.com reported that the flaw in the DirectX package is "unusually widespread," with Microsoft's bulletin saying it affects all versions from 5.2 to the current 9.0a, which runs on all Windows versions from Windows 98 through the new Windows Server 2003.

Microsoft gave the new flaw its highest severity rating, ZDNet said. It affects how DirectX handles the MIDI music files common to PC games. Such malformed files could overrun the DirectX buffer and execute extra software embedded in the file, leaving room enough for malicious hackers to create "a maliciously malformed MIDI" that Windows users would have to "be tricked" into opening by e-mail or Web page, ZDNet continued.

"They'd have to come up with some way to get the user to click on that file," Microsoft Security Response Center's Stephen Toulouse told ZDNet. But he added that default security settings in recent Outlook and Internet Explorer versions prevent those files from launching automatically.