Today Microsoft has officially released DirectX 9.0b

Reason for release:
DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation, and rendering.

There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it could be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged-on user.

An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it by using an HTML-based e-mail. In the case where the file was hosted on a Web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page the vulnerability could be exploited when a user visited the Web page. In the HTML-based e-mail case, the vulnerability could be exploited when a user opened or previewed the HTML-based e-mail. A successful attack could cause DirectShow, or an application making use of DirectShow, to fail. A successful attack could also cause an attackerís code to run on the userís computer in the security context of the user.

There are two ways to obtain that fix, either you download a small download package which fixes the security issue in DirectShow or you can download the whole DirectX 9.0b End-user runtime package. In both cases, your DirectX version will be updated to 9.0b and build number will be updated to 4.90.00.0902.

The only difference is that DirectX 9.0b can not be uninstalled while DirectX 9.0a patch can be uninstalled if you want to restore your previous version of DirectX.

DirectX 9.0b requires Windows Server 2003 (all versions except Windows Server 2003 64-bit editions), Windows XP (all versions except Windows XP 64-bit editions), Windows 2000 Service Pack 3 (SP3), Windows 2000 Service Pack 4 (SP4), or Microsoft Windows Millennium Edition.The Microsoft Windows 2000 version of the security patch is included in Windows 2000 Service Pack 4 (SP4).

Download: DirectX 9.0a to 9.0b update patch

Download: DirectX 9.0b Redistributable for Software Developers

Download: DirectX 9.0b End-User Runtime

source: W2S