This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
The computer is not protected if you apply an incorrect version of this security update
If you manually download and then apply an incorrect version of this security update, the computer will not be protected. For example, consider the following scenario:
You previously upgraded the in-box DirectX component on a computer that is running Windows 2000 to a newer version of DirectX. For example, you upgraded the default version of DirectX 7 in Windows 2000 to DirectX 9.
You manually download the update for DirectX 7 from the Microsoft download center, and then you installed it on the affected computer.
In this scenario, the update installs successfully. However, the vulnerable binary is not replaced. Therefore, the computer remains in a vulnerable condition.
We recommend that you run the DirectX Diagnostic Tool to determine the version of DirectX that you are running to make sure that you download the correct version of this security update.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
157730 How to determine the version of DirectX using the DirectX Diagnostic Tool
The Quartz.dll file appears as an unsigned binary
Consider the following scenario:
You install this update on a computer that is running Microsoft Windows 2000 with Service Pack 4 and that has DirectX 7 installed.
You upgrade the system to DirectX 9.
You try to update the system again by using this update.
In this scenario, the Quartz.dll file is successfully updated to the secured version. However, the file may appear as an unsigned binary.
To avoid this issue, follow these steps:
Uninstall the update for the earlier version of the Microsoft DirectShow application.
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows 2000 file information
For all supported editions of Microsoft Windows 2000 (DirectX9)
For all supported editions of Microsoft Windows 2000 (In-band)
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE