[Infowarrior] - Microsoft readies emergency ANI patch

Richard Forno rforno at infowarrior.org
Mon Apr 2 15:24:00 UTC 2007


Microsoft readies emergency ANI patch
Published: 2007-04-02
http://www.securityfocus.com/brief/474?ref=rss

Microsoft shifted gears over the weekend, announcing plans on Sunday to
release an emergency patch for a vulnerability that the company has known
about for more than three months.

The flaw, which occurs in the way that Windows handles animated cursor
(.ANI) files, came to light last week, after attackers started using the
vulnerability to compromise victims through Web and e-mail attacks. Security
firm Determina had notified Microsoft of the vulnerability in December 2006,
and the software giant planned to fix the issue in its regularly scheduled
April patch, the company said.

Now, Microsoft will release the patch a week early.

"From our ongoing monitoring of the situation, we can say that over this
weekend attacks against this vulnerability have increased
somewhat--additionally, we are aware of public disclosure of
proof-of-concept code," Christopher Budd, security program manager for
Microsoft Security Response Center, said in a statement posted to the
group's blog. "In light of these points, and based on customer feedback, we
have been working around the clock to test this update and are currently
planning to release the security update that addresses this issue on Tuesday
April 3, 2007."

Reports of attacks and public exploits using the flaw in the way Windows
handles animated-cursor (.ANI) files increased toward the end of last week.
A group that uses compromised Web sites to redirect visitors to a number of
Chinese sites hosting malicious content has begun to exploit the flaw to
compromise victims' systems. Security Web site milw0rm.com is currently
hosting two different exploits for the vulnerability. Both Immunity and the
Metasploit Project have incorporated exploits for the issue into their
security-checking software.

The flaw affects all versions of Windows, including Windows Vista, and can
be exploited through Internet Explorer 6 and 7 as well as e-mail. Microsoft
stated that it will continue testing the patch up until release, and that an
issue could still be found that delays the release of the update.



