The Animated Cousor Vulnerability
28/05/07 12:14 PM Filed in: Technology
Microsoft learned of this vulnerability in all
versions of Windows more than three months ago, on
December 20th, 2006, but did nothing to protect their
customers.
...Microsoft was forced to publish this acknowledgement of the vulnerability and since they have known of it for many months they have now stated that they will be pushing out an early, out-of-cycle official update to eliminate this vulnerability on Tuesday, April 3rd, 2007.
Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update.
PLEASE READ MORE!!!
...Microsoft was forced to publish this acknowledgement of the vulnerability and since they have known of it for many months they have now stated that they will be pushing out an early, out-of-cycle official update to eliminate this vulnerability on Tuesday, April 3rd, 2007.
Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update.
PLEASE READ MORE!!!
The Animated Cousor Vulnerability
serious zero-day exploit that affects NT, XP, and
Vista - even if fully patched.
An interim patch is available from eEye for use until Microsoft provides an official update. (But see below first, since Microsoft is patching out-of-cycle.)
At the end of March, exploitation of a previously (publicly) unknown vulnerability in Windows' animated cursor (ANI) processing was detected in the wild. This new vulnerability is now being widely exploited to install Trojan malware into unpatched Windows 2000, XP, Server 2003 and Vista systems.
All fully patched Windows systems are currently vulnerable.
Microsoft learned of this vulnerability in all versions of Windows more than three months ago, on December 20th, 2006, but did nothing to protect their customers.
Proof-of-Concept code has now been publicly released, guaranteeing rapid and widespread adoption of this exploit.
Microsoft was forced to publish this acknowledgement of the vulnerability and since they have known of it for many months they have now stated that they will be pushing out an early, out-of-cycle official update to eliminate this vulnerability on Tuesday, April 3rd, 2007.
Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update. But be sure to look for this update on or after Tuesday, April 3rd.
Thanks,
Tom Paulus
P.S. Please go to Microsoft's Web site and get the special out-of-cycle update. PLEASE
An interim patch is available from eEye for use until Microsoft provides an official update. (But see below first, since Microsoft is patching out-of-cycle.)
At the end of March, exploitation of a previously (publicly) unknown vulnerability in Windows' animated cursor (ANI) processing was detected in the wild. This new vulnerability is now being widely exploited to install Trojan malware into unpatched Windows 2000, XP, Server 2003 and Vista systems.
All fully patched Windows systems are currently vulnerable.
Microsoft learned of this vulnerability in all versions of Windows more than three months ago, on December 20th, 2006, but did nothing to protect their customers.
Proof-of-Concept code has now been publicly released, guaranteeing rapid and widespread adoption of this exploit.
Microsoft was forced to publish this acknowledgement of the vulnerability and since they have known of it for many months they have now stated that they will be pushing out an early, out-of-cycle official update to eliminate this vulnerability on Tuesday, April 3rd, 2007.
Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update. But be sure to look for this update on or after Tuesday, April 3rd.
Thanks,
Tom Paulus
P.S. Please go to Microsoft's Web site and get the special out-of-cycle update. PLEASE