Microsoft releases patch for Windows ANI flaw

By Bill Brenner, Senior News Writer 02 Apr 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft Corp. on Tuesday released the anticipated out-of-band patch for the critical MS07-017 Windows ANI cursor-handling flaw. The company originally had planned to release the patch for MS07-017 next Tuesday with its normal set of monthly fixes, but officials decided to publish it early because of ongoing attacks against the vulnerability.

This fix marks just the third time that Microsoft has released a security patch outside of the monthly cycle, a clear indicator of the severity of the vulnerability and the company's concern about the attacks. Microsoft officials said the attacks at this point are limited, but they're continuing to monitor the situation.

The MS07-017 vulnerability is in how Windows handles animated cursor (.ani) files. Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable.

Microsoft Word ANI zero-day: Microsoft warns of Windows zero-day; third-party fix released: Attackers are exploiting a new zero-day flaw in Windows, Microsoft confirmed Thursday. eEye Digital Security has released a temporary patch.

Indeed, attackers have wasted no time in exploiting the flaw, according to a variety of security vendors. The Bethesda, Md.-based SANS Internet Storm Center (ISC) took the rare step of raising its alert system to yellow due to the ANI exploit over the weekend because of the number of sites hosting malware that could exploit the flaw.

"We continue to receive reports of sites hosting the malware, possibly to get ready for the Monday work day in Europe and the US," ISC handler Kevin Liston wrote on the ISC Web site.

The Chinese Internet Security Response Team (C.I.S.R.T) has detected a worm-like payload that exploits the ANI flaw. According to the C.I.S.R.T ANI zero-day report, "It has the same behavior as Worm.Win32.Fujacks [and] can infect .html .aspx .htm .php .jsp .asp and .exe files." The exploit inserts malicious links into such files and can also be used to send out spam, the organization said.

McAfee Inc. is also reporting a spam campaign that exploits the flaw, saying it has detected "many Web sites linking to other sites that attempt to exploit this vulnerability."

Late last week, third-party security organizations started releasing their own fixes for the flaw, including Aliso Viejo, Calif.-based eEye Digital Security and the Zero-Day Emergency Response Team (ZERT).

"This is a very serious vulnerability that is almost certain to be exploited on a wide-scale basis," ZERT member Randy Abrams said in an emailed statement. "If the vulnerability were limited to animated cursors alone it would not be as serious, but there are reports of .jpg files, which are very commonly used in Web pages, being exploited as well."

Tags: Security Patch Management,  Securing Productivity Applications,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws Securing Productivity Applications Adobe ColdFusion websites being compromised Adobe fixes critical Shockwave Flash Player flaw Adobe issues first quarterly patch release fixing 13 flaws Adobe shifts to Microsoft patching process, incident response plan Balancing security and performance: Protecting layer 7 on the network Software Piracy pandemic needs government role, better vendor antipiracy plans McAfee to acquire Solidcore Systems for whitelisting Adobe issues Reader update fixing zero-day flaw Microsoft to patch critical PowerPoint zero-day flaw PCI DSS: Best practices for compliance Emerging Information Security Threats New attack code targets Microsoft ActiveX zero-day vulnerability Adobe ColdFusion websites being compromised Antispyware buying guide for Indian enterprises ATM malware lets attackers take over machines FTC shutters rogue ISP for hosting malicious content, botnets The failing war against cybercriminals White House cybersecurity czar faces major hurdles Cybercrime and threat management The Pipe Dream of No More Free Bugs Face-off: Who should be in charge of cybersecurity?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary