On the second Tuesday of each month, Microsoft issues a set of security updates, and this month's offering is slightly less alarming than usual. The company released only two patches, both rated moderate. Microsoft says that the patches fix problems with DirectPlay and the Web viewer in Business Objects' Crystal Reports and Crystal Enterprise.
Microsoft says it recently discovered a Denial of Service (DoS) vulnerability in DirectPlay and is fixing that problem in this month's security patch releases. Part of the Microsoft DirectX multimedia gaming libraries, DirectPlay is a programming interface that certain online games use, and the vulnerability in its code affects multiple DirectX versions that run on a variety of Windows releases. "If a user is running a networked DirectPlay application, an attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail," states the Microsoft support bulletin that describes the flaw. "The user would have to restart the application to resume functionality."
The Crystal Reports Web viewer is a third-party tool, but because Microsoft has distributed the viewer with some of its own products, including Microsoft Visual Studio .NET 2003 and Microsoft Office Outlook 2003 with Business Contact Manager, the company says that it's responsible for fixing the problem. The vulnerability also affects Crystal Enterprise, which Microsoft ships with Microsoft Business Solutions CRM 1.2. "An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system," the support bulletin states.
So far this year, Microsoft has issued 17 security patches that fix multiple vulnerabilities. By comparison, Apple Computer has released six sets of security patches that fix numerous vulnerabilities in various versions of Mac OS X, a much less widely used OS that's often cited as being more secure than Windows.
If you want to keep your Windows system up to date with security fixes, enable the Automatic Updates feature or visit Windows Update regularly. Alternatively, you can visit Microsoft's Security Web site to manually download patches and find out more about the most recent security patches.