TELECOM Digest OnLine - Sorted: Microsoft Rushes Animated Cursor Security Patch to Users


Microsoft Rushes Animated Cursor Security Patch to Users


Reuters News Wire (reuters@telecom-digest.org)
Mon, 02 Apr 2007 14:36:16 -0500

Microsoft issuing animated cursor security patch

Microsoft Corp. plans to patch a security hole in Windows on Tuesday
related to an animated cursor that hackers have used to launch attacks
after users click on links to malicious Web sites.

Microsoft, whose Windows operating system runs on some 95 percent of
the world's computers, said it would release the patch outside of a
regular monthly security update because it completed testing earlier
than anticipated.

"Microsoft's monitoring of attack data continues to indicate that the
attacks and customer impact is limited," the world's biggest software
maker said in a statement.

Security firm F-Secure said attacks using the flaw related to cursor
animation files used by Windows intensified over the weekend, with the
majority tracing back to different Chinese hacker groups.

It said most of the activity around the so-called ANI exploit has been
via dozens of malicious Web sites but warned that on Sunday the first
Internet worm, able to replicate without the user doing anything to the
machine, was found using the flaw to spread.

"This vulnerability is really tempting for the bad guys," said Mikko
Hypponen, chief research officer at F-Secure. "It's easy to modify the
exploit, and it can be launched via Web or e-mail fairly easily."

Microsoft has been working to improve the security and reliability of
its software as more and more malicious software targets weaknesses in
Windows and other Microsoft software.

The company said it was working with authorities investigating the
latest attacks and that consumers could visit Microsoft Update or
Windows Update or get more information at:

http://www.microsoft.com/athome/security

"Exploitation may occur when a user clicks a malicious link, reads or
forwards a specially-crafted HTML e-mail, or accesses a folder
containing a malicious animated cursor file," said a technical bulletin
from the U.S. government-backed Computer Emergency Readiness Team.

Copyright 2007 Reuters Limited.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more news and headlines, please go to:
http://telecom-digest.org/td-extra/newstoday.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Byron Acohido & Jon Swartz, USA Today: "Cybercrime Flourishes in Hacker Online Forums"
Go to Previous message: Patrick Townson: "No April Fools Messages This Year?"
TELECOM Digest: Home Page