Secunia simply doesn't show any vulnerabilities on my setup, including the old DirectX 9 components. The only thing that isn't patched with older DirectX is the DirectPlay component, which is vulnerable to DoS attacks. That isn't a big issue, as it only affects online gaming and only if the old DirectPlay component is actually used by the game. Often this isn't even the library installed on your system, but one that comes exclusively with the game (within the game's folder), no matter which DirectX you've got installed. Hence abstaining from DirectX 9 wouldn't help at all in that case.

A DoS attack is simply a way of flooding your PC with network packets to keep it occupied. If there are enough of these special packets, it could cause the loss of your network connection, delays, freezes, etc. But generally it's not very dangerous. Keep in mind that the attacker has to send all the packets somehow, so either his computer is pretty occupied too or he has to use more, e.g. kidnapped PCs, or pay for such "services" on the dark web. All in all, it's rather cumbersome just to freeze someone's PC. The attacker also needs your IP address, has to know that you're using this special old library at the moment and maybe even has to circumvent other protective mechanisms of your router, firewall and Windows. In short, he has to be somewhere close to the game you're playing, e.g. publicly hosted multi-player games using the old library, and also has to put quite some effort into it. I don't even know which games could be affected, because it's not a very relevant threat. Still, you're right in digging deeper, it's a little glitch.

There are also rumors about an unpatched vulnerability in all DirectX versions (9 to 11) that allows remote code execution, which would be far more dangerous. Anyway, it's rumors, and if so, the only defense would be to abstain from all online games based on DirectX till it's fixed.
Actually, there have been such vulnerabilities in the past and 99% of all gamers just don't know nor were they affected by an attack. Only an offline system is a safe system, watch Battlestar Galactica ;-)
Post edited October 13, 2014 by DeMignon