Microsoft Releases Emergency “Animated Cursor” Fix
I told you about the “animated cursor” zero day exploit on Vista… well today they released the fix.
“Microsoft Corp. plans to patch a security hole in Windows on Tuesday related to an animated cursor that hackers have used to launch attacks after users click on links to malicious Web sites. Microsoft, whose Windows operating system runs on some 95 percent of the world’s computers, said it would release the patch outside of a regular monthly security update because it completed testing earlier than anticipated. ‘Microsoft’s monitoring of attack data continues to indicate that the attacks and customer impact is limited,’ the world’s biggest software maker said in a statement. Security firm F-Secure said attacks using the flaw related to cursor animation files used by Windows intensified over the weekend, with the majority tracing back to different Chinese hacker groups. It said most of the activity around the so-called ANI exploit has been via dozens of malicious Web sites but warned that on Sunday the first Internet worm, able to replicate without the user doing anything to the machine, was found using the flaw to spread. ‘This vulnerability is really tempting for the bad guys,’ said Mikko Hypponen, chief research officer at F-Secure. ‘It’s easy to modify the exploit, and it can be launched via Web or e-mail fairly easily.'”