Recently in Technical News Round Up Category

Thanks to Greg D. Feezel, CISSP, Founder and Steering Committee Member of the Northeast Ohio Information Security Forum for sending this in.

A new vulnerability affecting animated cursor and icons in Windows that has been announced. No patch
exists for the vulnerability
and exploit code has been released and there are reports of some malware exploiting this problem. Furthermore, Microsoft has acknowledged the issue raising the potential for an increase in exploitation.

According to McAfee, IE version 6 and version 7 running on fully patched versions of Windows XP SP2 are vulnerable. Windows version 2000 SP4 and Server 2003 (non & SP1) are also reportedly vulnerable. Vista is also
reported to be vulnerable but only witnessed as a denial-of-service at this point.

Computers can be infected by simply visiting a website containing a malicious .ANI file or HTML email message with one placed on it. In the past, malicious websites have used this type of vulnerability to silently install malware onto an unsuspecting visitor. These are also known as "drive-by" installs.

Suggested Actions:

Enable a firewall
Keep receiving software updates from Microsoft
Install anti-virus and anti-spyware software- ensure they are updated.
Use extreme caution when you accept file transfers from both known and unknown sources.

For More Reading:

See Microsoft Advisory

Avert Labs Blog
Avert Labs Blog

Many seemed to enjoy the latest security stories at Digg.com so by popular demand the latest round up of hottest raw technical news from Digg.com...while the FSL team prepares for what appears to be a long week of security madness...

About this Archive

This page is a archive of recent entries in the Technical News Round Up category.

Spyware Research is the previous category.

The Mail Bag is the next category.

Find recent content on the main index or look in the archives to find all content.