SillyDog701

[DJGM]

Just about all versions of Microsoft DirectX, on most versions of Windows are affected
by a number of serious security vulnerabilities that Microsoft have described as critical.

MS alerts users to Windows DirectX vulnerability

Microsoft yesterday warned of security flaws with DirectX's DirectShow component that
might be used by an attacker to run hostile code on vulnerable Windows machines.

Redmond has issued a patch - designated as critical - which users are urged to review.

The list of affected software is extensive: Microsoft DirectX 5.2 on Windows 98;
MS DirectX 6.1 on Windows 98 SE; DirectX 7.0a and DirectX 9.0a on Windows Me;
DirectX and DirectX 9.0a 7.0 on Win 2000; DirectX 8.1 and DirectX 9.0a on Win XP;
DirectX 8.1 and DirectX 9.0a on Win Server 2003 are all potentially vulnerable.

More info about these DirectX vulns, available in the rest of the article, @ TheRegister.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[profman]

I think, although I am not sure, that the only fix MS has is to install Directx 9.0b which has no uninstall.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624

[DJGM]

WHAT ?!? They've released software you can't uninstall ?!? How could they? How inconsiderate!

(DJGM regains his usual composure, and does away with the gratuitous sarcasm . . . )

According to Microsoft Security Bulletin MS03-030, you can either get a patch to fix the vuln,
or you can upgrade to DX 9.0b, which already contains the necessary stuff that fixes the vuln.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[Antony]

WHAT ?!? They've released software you can't uninstall ?!? How could they? How inconsiderate!

It was not the first time they released software/upgrades you can't uninstall.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) (CK-SillyDog)

[profman]

I'm suprised that MS actually released a patch instead of forcing the whole world to upgrade to a new version of Directx (9.0b).

Direct 9.0b is listed as a "Critical Update" at the Windows 98 Update site. My earlier, limited research on Directx 9.0b did not reveal the existence of the patches.

MS typically does not allow you to uninstall new versions of Directx, although I believe there have been rare exceptions to this rule.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624

[sparkydog]

Is there a way to disable (or delete) DirectX? I will never use it.

And, while we're at it...how about ActiveX?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)