Microsoft Monitor Weblog A Jupiter Research Business Weblog
 
Jupiter's Microsoft Monitor Research Service helps vendors prepare for market opportunities created by new Microsoft initiatives. In addition, Microsoft Monitor helps business and enterprise users discover which strategies are most successful in dealing with Microsoft and how to best exploit the customer relationship. The Microsoft Monitor Weblog is a companion to Jupiter's Microsoft Monitor Research Service and provides additional news, analysis and insight relevant to the areas most important for Microsoft's growth in both the business and consumer marketplaces. The content on this Weblog is often based on late-breaking events whose sources are deemed to be reliable. The insight and recommendations represent Jupiter's initial analysis. As a result, our positions are subject to refinements or major changes as Jupiter analysts gather more information and perform further analysis. Feedback is welcome at mm@jupitermedia.com.

Contact Us
More information about Jupiter's Microsoft Monitor Research service is available by contacting Kieran Kelly at researchsales@jupitermedia.com or by telephone at 1-800-481-1212

Blogroll
David Card
Michael Gartenberg
Alan Meckler
David Schatsky

September 2005
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
Archives
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003

Recent Entries
My PDC Post Morteum
Microsoft Office, the Server Edition, Part Two
Windows Workflow Foundation and Expression
PDC: The Big Day
Windows Vista Sleeper Announcements

August 20, 2003
DirectX Security Alert

Microsoft issued three security bulletins, today, one warning of a flaw in DirectX. The new alert updates a July 23 warning of a "critical" flaw. The security hole would allow a hacker to create a buffer overrun in, of all places, the Musical Instrument Digital Interface (MIDI). The updated alert, available here, increases the number of available patches, as the flaw affects about every DirectX version released in the last five years.

Another critical bulletin, here, addresses a buffer overrun flaw affecting Microsoft Data Access Components (MDAC). The new alert updates another from July 31. Apparently, Microsoft misidentified the earlier exploit.

A third critical alert, here, offers information on multiple Internet Explorer exploits and provides access to a cumulative patch.

The new alerts, particularly for MDAC, highlight the problems businesses face managing patches. Businesses that applied the earlier patch may need to do so again with the newer one. Microsoft's documentation is unclear on the matter, other than indicating the older patch "has been superceded" by the newer one.

Since all three alerts warn of critical flaws, I would recommend that Microsoft customers test and roll out the security fixes as quickly as technically feasible.

Posted by Joe Wilcox at August 20, 2003 05:16 PM
Copyright 2004 Jupitermedia Corporation. All Rights Reserved.
Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.