Crystal Security Flaw Affects Microsoft Products

A newly patched vulnerability in the Business Objects Crystal Reports software that is packaged with several Microsoft applications could allow an attacker to retrieve and delete files on an affected system.

The Crystal Reports patch is for one of two "moderate" vulnerabilities Microsoft fixed during its monthly Patch Tuesday, the day each month when Microsoft releases all the fixes it is ready to deliver. The other new flaw involves a DirectX feature present in most versions of Windows. However, that flaw appears to primarily affect gamers.

Microsoft uses its moderate rating to describe flaws that are difficult to exploit or at least partially mitigated by default installation settings. Both flaws are newly discovered and neither has been reported as being exploited, according to Microsoft.

Products that include Crystal Reports and are therefore vulnerable to the directory traversal flaw in the software include Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager and Microsoft Business Solutions CRM 1.2.

The problem with DirectX involves versions 7.0 through 9.0 and can occur on all supported versions of Windows from Windows 98 through Windows Server 2003 except for the Windows NT 4.0 platforms. A flaw in the DirectPlay component of DirectX could allow an attacker to crash the application using DirectPlay.

The patches for the flaws are the 16th and 17th released by Microsoft this year. Technical details about the problem with Crystal Reports can be found here. The bulletin about the DirectPlay vulnerability is here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Windows 10 Preview Adds Windows Subsystem for Linux 2 on ARM64 Devices

    Microsoft's latest Windows 10 preview release for testers (build 18980), announced on Wednesday, includes support for version 2 of the Windows Subsystem for Linux, plus ARM64 device support for WSL 2.

  • Microsoft Defender Advanced Threat Protection Evaluation Lab Now Available

    The Microsoft Defender Advanced Threat Protection (ATP) Evaluation Lab is now ready for use by organizations.

  • How Organizations Can Adapt to SharePoint's 'Modern' Shift

    In a September interview, SharePoint expert Asif Rehmani described how users, developers and organizations are dealing with SharePoint Online's so-called "modern" innovations.

  • Microsoft Urges LDAP Workaround Fix for Windows Systems

    Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol in supported Windows systems to implement some configuration changes manually.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.