- Microsoft Announces New Vulnerability Affecting Cursors and Icons
Thanks to Greg D. Feezel, CISSP, Founder and Steering Committee Member of the Northeast Ohio Information Security Forum for sending this in.
A new vulnerability affecting animated cursor and icons in Windows that has been announced. No patch
exists for the vulnerability and exploit code has been released and there are reports of some malware exploiting this problem. Furthermore, Microsoft has acknowledged the issue raising the potential for an increase in exploitation.
According to McAfee, IE version 6 and version 7 running on fully patched versions of Windows XP SP2 are vulnerable. Windows version 2000 SP4 and Server 2003 (non & SP1) are also reportedly vulnerable. Vista is also
reported to be vulnerable but only witnessed as a denial-of-service at this point.
Computers can be infected by simply visiting a website containing a malicious .ANI file or HTML email message with one placed on it. In the past, malicious websites have used this type of vulnerability to silently install malware onto an unsuspecting visitor. These are also known as "drive-by" installs.
Suggested Actions:
Enable a firewall
Keep receiving software updates from Microsoft
Install anti-virus and anti-spyware software- ensure they are updated.
Use extreme caution when you accept file transfers from both known and unknown sources.
For More Reading:
