News

Crystal Security Flaw Affects Microsoft Products

A newly patched vulnerability in the Business Objects Crystal Reports software that is packaged with several Microsoft applications could allow an attacker to retrieve and delete files on an affected system.

The Crystal Reports patch is for one of two "moderate" vulnerabilities Microsoft fixed during its monthly Patch Tuesday, the day each month when Microsoft releases all the fixes it is ready to deliver. The other new flaw involves a DirectX feature present in most versions of Windows. However, that flaw appears to primarily affect gamers.

Microsoft uses its moderate rating to describe flaws that are difficult to exploit or at least partially mitigated by default installation settings. Both flaws are newly discovered and neither has been reported as being exploited, according to Microsoft.

Products that include Crystal Reports and are therefore vulnerable to the directory traversal flaw in the software include Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager and Microsoft Business Solutions CRM 1.2.

The problem with DirectX involves versions 7.0 through 9.0 and can occur on all supported versions of Windows from Windows 98 through Windows Server 2003 except for the Windows NT 4.0 platforms. A flaw in the DirectPlay component of DirectX could allow an attacker to crash the application using DirectPlay.

The patches for the flaws are the 16th and 17th released by Microsoft this year. Technical details about the problem with Crystal Reports can be found here. The bulletin about the DirectPlay vulnerability is here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.