MS releases emergency cursor bug fix
Print storyDouble-plus critical update triggers glitches
Posted in Enterprise Security, 4th April 2007 11:25 GMT
Free whitepaper – Vulnerability management buyer's checklist
Microsoft has released an out-of-sequence patch designed to address a Windows vulnerability involving the handling of cursor animation files, as well as a number of other flaws.
The prime focus of the update is a stack buffer overflow flaw involving Windows' handling of animated cursor (.ANI) files. The flaw, first reported last week, creates a means for hackers to inject hostile code into unpatched systems and has become the target of widespread hacking attacks. Internet Explorer can process ANI files in HTML documents, so web pages and HTML email messages can also be vectors for the vulnerability.
Microsoft responded to reports of widespread abuse of the flaw by pushing out an emergency fix on Tuesday, 3 April, a week before its regular Patch Tuesday update. The patch also addresses a number of vulnerabilities, involving privilege escalation, denial of service and remote code execution flaw.
Early reports suggest a number of glitches with the update. In particular, the patch can conflict with systems running Realtek Audio cards, prompting Microsoft to release a hotfix. ®
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive