Technology news and Jobs arrow Information Technology News arrow Microsoft patches ANI vulnerability
Microsoft patches ANI vulnerability E-mail
by Stephen Withers   
Wednesday, 04 April 2007
A "critical" out-of cycle security update released by Microsoft on Tuesday fixes the animated cursor vulnerability that potentially allowed attackers to take control of a system.
Register now to win a Canon EOS 500D Cannon EOS 500D Digiral SLR

The flaw is often called the ANI vulnerability, as it relates to animated cursor files, which normally have the .ani suffix.

Exploits are relatively widespread, so applying the patch is an urgent matter. Security companies have detected several different attacks from hundreds of sites.

For example, security vendor Websense says it has found one particular attack has been installed more than 450 compromised web sites, resulting in "tens of thousands of pages with exploit code links on them" to silently install a generic password stealer when people visit the pages.

Yet Microsoft security program manager Christopher Budd wrote in the Microsoft Security Response Center Blog "We have been monitoring the situation throughout and our indications, and those of our MSRA partners, show there is a threat for attacks against this vulnerability to increase although we haven’t seen anything widespread. Based on customer feedback and our teams’ ability to complete testing in an expedited manner by working around the clock, we’ve gone ahead and released this update early to help better protect customers from this threat."

The update patches other, less severe vulnerabilities in Windows' Graphics Device Interface (GDI) code. Most allow privilege elevation and are rated "important"; one allows a malformed WMF file to freeze or possibly restart a system.

Tuesday's patch applies to Windows 2000, XP, Server 2003 and Vista. It can be downloaded from Microsoft's web site (via this page) or installed through Software Update.

One problem with the patch has already been identified - it conflicts with the Realtek HD Audio control panel. A hotfix is available from Microsoft.

The regular Patch Tuesday is scheduled for next week and Microsoft still expects to release updates on that day, though no details have been released yet.{moscomment}

Please enable JavaScript in your browser to post your comment!

Tags See All Tags Add New Tag...

Please Enter New Tags Separated By Comma's
  Or Close

Malware  Microsoft  Security  Stephen Withers  Vista  Web  Windows 
Powered By Joomla Tags
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
 665,005
Subscribers 14,517
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire , Subscribe to SMS headlines