SECURITY

Microsoft Hurries Fix for Cursor Flaw

Print Version
E-Mail Article
Reprints

By Tim Gray
TechNewsWorld
04/02/07 11:48 AM PT

Redmond will release a software patch that fixes a vulnerability affecting Windows' animated mouse cursor graphics. Microsoft's security advisory last week warned customers that the vulnerability was allowing hackers to break into computers and install malicious software.


Web 2.0 is Here– Is Your Web Infrastructure Ready?
Web 2.0 has paved the way for a new level of interaction between shoppers and retailers. However, without rapid delivery of your rich Web content, the benefits will go unrealized. Maximize the value of your interactive Web site. Read White Paper Now.

Microsoft (Nasdaq: MSFT) Latest News about Microsoft announced the early release of a patch that will eliminate an increasingly dangerous Windows Rackspace is the expert when it comes to delivering Windows and Linux hosting solutions. Click here to learn more. flaw from users' PCs -- a full week before the company's scheduled monthly "Patch Tuesday" cycle.

The software giant's move to fix the vulnerability on Tuesday was provoked by an increasing number of hackers who stepped up attacks on PCs running various versions of Windows on Friday, a day after Microsoft first disclosed the vulnerability.

The patch will address the vulnerability in Windows Animated Cursor Handling, a component of Windows, according to Microsoft.

Malicious Code

Redmond released a security advisory last week, warning customers that a vulnerability in Windows ANI files was allowing hackers to break into computers and install malicious software.

The files are used to change the mouse cursor into the familiar hourglass icon -- or another animated option -- while a program is busy.

Microsoft originally planned to release the update next week as part of its regular monthly release of security bulletins; however, the company became aware of the existence of a public attack utilizing the vulnerability and decided to act. Testing the patch was completed earlier than expected, said the company.

Zero Day

While the zero-day attack is designed to exploit PCs running Windows Vista, the mouse cursor vulnerability has also been found on Windows 2000 Service Pack 4, Windows XP Service Pack 2 and some versions of Windows Server 2003, according to the company.

Microsoft's monitoring of attack data continues to indicate limited impact on Windows users, the company said. However, the firm is actively monitoring the situation to keep customers up to date.

Highly Critical

Security experts at McAfee Latest News about McAfee spotted a post on a Chinese message board on Wednesday, which indicated that hackers were planning to exploit the vulnerability, Craig Schmugar, a virus researcher at McAfee Avert Labs, told TechNewsWorld.

McAfee has rated the exploit "highly critical" and suggests that users should download the patch as soon as Microsoft releases it, otherwise they could end up with a malicious program on their PC after a browsing the Web and not know it, Schmugar said.

The vulnerability does not suggest that Windows Vista has a fundamental security flaw, added Schmugar.

"These programs are designed by humans and there are going to be flaws and vulnerabilities," he said. "[Vista] has additional mitigation factors some others, such as XP, do not."

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Tim Gray   RSS

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]