Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
SpywareGuide powered by FaceTime Security Labs
Search SpywareGuide Greynets Database & Site
Security Email Alerts & Updates
Search the Blog
 
Recent Posts
Categories
Monthly Blog Archives
Links
Subscribe
Subscribe to this blog's feed
About the Blog
About SpywareGuide Greynets Blog
Link to Us
Link to SpywareGuide.com

The SpywareGuide Greynets Blog

Main

March 29, 2007

  • Microsoft Announces New Vulnerability Affecting Cursors and Icons

Thanks to Greg D. Feezel, CISSP, Founder and Steering Committee Member of the Northeast Ohio Information Security Forum for sending this in.

A new vulnerability affecting animated cursor and icons in Windows that has been announced. No patch
exists for the vulnerability
and exploit code has been released and there are reports of some malware exploiting this problem. Furthermore, Microsoft has acknowledged the issue raising the potential for an increase in exploitation.

According to McAfee, IE version 6 and version 7 running on fully patched versions of Windows XP SP2 are vulnerable. Windows version 2000 SP4 and Server 2003 (non & SP1) are also reportedly vulnerable. Vista is also
reported to be vulnerable but only witnessed as a denial-of-service at this point.

Computers can be infected by simply visiting a website containing a malicious .ANI file or HTML email message with one placed on it. In the past, malicious websites have used this type of vulnerability to silently install malware onto an unsuspecting visitor. These are also known as "drive-by" installs.

Suggested Actions:

Enable a firewall
Keep receiving software updates from Microsoft
Install anti-virus and anti-spyware software- ensure they are updated.
Use extreme caution when you accept file transfers from both known and unknown sources.

For More Reading:

See Microsoft Advisory

Avert Labs Blog
Avert Labs Blog

September 17, 2006

  • Latest Tech Stories From The Web According to Digg

Many seemed to enjoy the latest security stories at Digg.com so by popular demand the latest round up of hottest raw technical news from Digg.com...while the FSL team prepares for what appears to be a long week of security madness...

Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide JapanJapanese

© Copyright 2006, FaceTime Communications, Inc. All rights reserved.