Risk: Low
Microsoft has released a duo of security alerts, however neither is particularly serious in nature.
First up there's a flaw in the Application Programming Interface (API) of Microsoft DirectPlay. Software that implements this API is typically network-based multi-player games. An attacker who exploited the vulnerability could cause a networked DirectPlay application to fail.
The "moderate" vulnerability affects Windows 2000 (SP2 and later), Windows XP, Windows XP 64-Bit Edition SP1, Windows Server 2003 (regular and 64-Bit Edition) and DirectX Versions 7.0 and later. Microsoft has issued a patch.
Microsoft has also announced a vulnerability in Crystal Reports Web Viewer that could allow information disclosure or denial of service. The flaw stems from a newly discovered vulnerability in Crystal Reports and Crystal Enterprise from Business Objects. Microsoft Visual Studio .NET 2003 (all versions) and Outlook 2003 with Business Contact Manager redistribute Crystal Reports and are therefore affected. Microsoft Business Solutions CRM 1.2 redistributes Crystal Enterprise and is likewise affected by the "moderate risk" vulnerability.
An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system.