DirectX attack expected



Following last week's MSBlast worm attack, security experts at Microsoft and other firms are worried that a recently discovered vulnerability in DirectX could cause even more problems, ZDNet UK reports.

In the wake of MSBlast, there is another vulnerability that could completely overshadow last week's events. On July 23 Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.

Russ Cooper, chief scientist at security company TruSecure, expects a worm or virus to take advantage of the vulnerability in the near future: "We are definitely afraid of the DirectX vulnerability." The vulnerability, he said, is very widespread because few people have applied the patch for this. Cooper believes it could be exploited by a worm that uses several methods of spreading, similar to the way that MSBlast did.

Stuart Okin, chief security officer at Microsoft UK, told ZDNet UK: "My real worry is about a more destructive trojan coming on to people's machines. They need to patch their systems, but more importantly, put into place the automatic update," he said.

An End User version of the bulletin is available at: