No. 1 Story
HP job cuts loom for Australian employees
A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.
read moreRelated Articles
Microsoft, patches, ANI, vulnerabilityMac owners planning to run Windows Vista under virtualisation software such as Parallels Desktop...
As soon as Microsoft Office 2007 for Windows started appearing on corporate desktops, users...
Microsoft and equipment manufacturers are set to unveil a range of telephone devices designed...
Microsoft and flash memory maker SanDisk have teamed up to develop new portable USB...
Significant features previously planned for the first version of Microsoft Windows Server virtualisation (code...
Microsoft patches ANI vulnerability
Stephen Withers
Wednesday, 04 April 2007 02:54
Exploits are relatively widespread, so applying the patch is an urgent matter. Security companies have detected several different attacks from hundreds of sites.
For example, security vendor Websense says it has found one particular attack has been installed more than 450 compromised web sites, resulting in "tens of thousands of pages with exploit code links on them" to silently install a generic password stealer when people visit the pages.
Yet Microsoft security program manager Christopher Budd wrote in the Microsoft Security Response Center Blog "We have been monitoring the situation throughout and our indications, and those of our MSRA partners, show there is a threat for attacks against this vulnerability to increase although we haven’t seen anything widespread. Based on customer feedback and our teams’ ability to complete testing in an expedited manner by working around the clock, we’ve gone ahead and released this update early to help better protect customers from this threat."
The update patches other, less severe vulnerabilities in Windows' Graphics Device Interface (GDI) code. Most allow privilege elevation and are rated "important"; one allows a malformed WMF file to freeze or possibly restart a system.
Tuesday's patch applies to Windows 2000, XP, Server 2003 and Vista. It can be downloaded from Microsoft's web site (via this page) or installed through Software Update.
One problem with the patch has already been identified - it conflicts with the Realtek HD Audio control panel. A hotfix is available from Microsoft.
The regular Patch Tuesday is scheduled for next week and Microsoft still expects to release updates on that day, though no details have been released yet.
You think you have a disaster recovery plan?
Think again. Most businesses only have PART of a DR plan - and this spells business disaster in the event of an IT disaster.
Download The Seven Sins of Disaster Recovery White Paper now and find out how you can prevent this happening to you.
