Microsoft releases monthly security patches
Microsoft Corp. released software updates for versions of Windows XP and Windows Server 2003 and warned customers about a security vulnerability in a Windows component called IDirectPlay4, which is used to support multiplayer network games. The security hole, if successfully exploited, could allow a remote attacker to cause a Windows application using the affected component to fail, resulting in a denial of service. Microsoft published a bulletin describing the hole, MS04-016, and rated the problem "moderate," indicating that the hole is difficult to exploit or can be fixed by changing configuration settings or other factors. (See http://www.microsoft.com/technet/security/bulletin/MS04-016.mspx.)
IDirectPlay4 is one of three APIs (application programming interfaces) that make up Microsoft DirectPlay, a protocol that provides networking services for networks based on TCP/IP (Transmission Control Protocol/Internet Protocol) and IPX (Internetwork Packet Exchange). DirectPlay is frequently used to support multiplayer games.
A remote attacker could trigger the security vulnerability by connecting to a machine using DirectPlay and sending a specially malformed data packet to the machine. When received, that packet would cause the application using DirectPlay to crash, Microsoft said.
Microsoft provided patches for both 32- and 64-bit versions of Windows XP and Windows Server 2003 and said customers should consider applying the updates.