Microsoft issued another passel of warnings about security holes Wednesday, including a "critical" flaw that affects most Windows PCs.
The most serious of the flaws involves DirectX, a library of graphics and multimedia programming instructions used by most PC games, and could allow malicious users to run code of their choice on a vulnerable PC.
The flaw is unusually widespread, affecting all versions of DirectX from version 5.2 to the current 9.0a, running on all versions of Windows from Windows 98 through the new Windows Server 2003, according to the Microsoft bulletin.
The flaw, which received Microsoft's highest severity rating, involves the way DirectX handles MIDI music files. A malformed MIDI file could overrun a buffer in DirectX, at which point code embedded in the file would be executed.
Exploiting the flaw would entail the creation of a maliciously malformed MIDI file, which vulnerable Windows users would have to be tricked into running, either through e-mail or a Web page. "They'd have to come up with some way to get the user to click on that file," Stephen Toulouse of Microsoft's Security Response Center said, noting that default security settings in recent versions of Microsoft Outlook e-mail software and the Internet Explorer Web browser prevent the automatic launching of such files.