“A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday,” Joris Evers reports for CNET News.
“The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory,” Evers reports. “An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said.”
“Sample code that demonstrates the vulnerability has already been posted on the Web, McAfee said in a security alert sent to customers. ‘Malware exploiting this vulnerability has been observed in the wild,’ the security company said in the alert,” Evers reports.
“‘I expect attackers will pick up on this as soon as they figure out how to, we’ll very shortly see the usual suspects using it,’ said Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs. ‘The sample site is already offline; this could be a prelude to a bigger attack,'” Evers reports.
Evers reports, “The animated-cursors feature is designated by the .ani suffix, but a successful attack is not constrained by this file type, Microsoft said. As a result, simply blocking such files won’t protect a PC.”
Full article here.
Windows Vista ANI File Handling DoS:
Related articles:
National Security Agency gives Apple’s Mac OS X 10.4 Tiger glowing security endorsement – March 22, 2007
Lack of Apple Mac malware baffles expert – March 21, 2007
Microsoft’s Live OneCare ‘security’ failureware: dead last in test of 17 Windows security apps – March 07, 2007
Bill Gates has lost his mind: calls Apple liars, copiers; slams Mac OS X security vs. Windows – February 02, 2007
Security firm: 38-percent of malware already Windows Vista-compatible – January 22, 2007
FUD Alert: CNET tries to equate Windows’ insecurity to handful of Mac OS X proof-of-concepts – December 02, 2006
Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X – August 23, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Gartner analyst tries to propagate discounted Mac OS X ‘security via obscurity’ myth via BBC – July 06, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Apple Macs are inherently safer and more secure than Microsoft Windows – November 22, 2005
BusinessWeek columnist propagates discounted ‘Apple Mac security via obscurity myth’ – September 06, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Another columnist trots out Mac OS X ‘Security through Obscurity’ myth – April 03, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 01, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003
“And God knows that someone would just love to knock me and millions of other Mac users on our smug asses.”
Millions of Mac users are already busy knocking each other’s smug asses. No PC user wants to take THAT virus risk.
Objective Truth:
It still can’t execute code on your system using the buffer overflow, so no trojan/worm threat from this. It’s just a malformed .ani file, not a virus –no matter what the folks at symantec call it. .ani files are *not* executables, they are data files. This is nothing more than a malformed data file causing a crash. Next.
^^^ If by some incredible chance you have been affected by this (meaning *YOU* clicked on a link, opened an untrusted attachment, or installed a malformed .ani file) follow these steps:
– Boot into safe mode
– Remove the malformed .ani file
– Reboot
DONE.
Overblown-read the article.
Pay attention to this bit,” a successful attack is not constrained by this file type, Microsoft said. As a result, simply blocking such files won’t protect a PC.”
This is what happens when you integrate your web browser into the core OS.
If you are really worried-use firefox or opera-they seem to be unaffected by this garbage.
@RealityCheck
So keen on Secunia lists hey? Yes, 7 OSX unpatched vulnerabilities, but 4 for Vista, an OS which has barely left the shopkeepers shelves. Puts your facts into perspective doesn’t it.
Could you help me. Could you imagine how horrible things would be if we always told others how we felt? Life would be intolerably bearable. Help me! Could you help me find sites on the: Removing bathroom mirrors. I found only this – debt relief educational service. Large ones are needed for dressing up well. Mirror discount bathroom mirror for shopping online page dimmable natural light mirror. Thank you very much :confused:. Aimie from Honduras.
Hi everyone. It is not enough to aim; you must hit. Help me! Can not find sites on the: How to defog bathroom mirrors. I found only this – credit debt relief. Perfect for bathroom vanities, foyers, bedrooms, and entire household. Note on bathroom mirror appears on the album every time a bell rings an angel gets. With love :rolleyes:, Debi from Eritrea.
Could you help me. We all have strength enough to endure the misfortunes of others. Help me! Looking for sites on: Bathroom interior design. I found only this – advice debt relief. The lucky orphaness is none other than esther, a well spoken and well dressed for the victorian era russian lass who survived a mysterious house fire that not suspiciously took the rest of her family. Eco friendly, natural and organic bathroom accessories. With best wishes :o, Calvin from Grenada.
How interesting that people are suddenly interested in the fogging up of bathroom mirrors. Quite how that relates to debt relief is a mystery to me though…
And how interesting that these people should choose this site, and this ancient topic, as a venue within which to air their interesting questions…
And even more interesting is that the same topic has gripped the imagination of someone from Eritrea, Honduras and Grenada, all within 5 days – and 2 years after the last post on this topic.
Hi guys. Meetings are indispensable when you don’t want to do anything.
I am from Mauritania and know bad English, tell me right I wrote the following sentence: “Government auction tips on buying an automobile august government seized property auction if you want get a good car during a government automobile auction, you need to do your homework well.”
With love
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />, Sandor.
Hi all. Write down the advice of him who loves you, though you like it not at present.
I am from Uzbekistan and learning to speak English, please tell me right I wrote the following sentence: “In one scene the man runs to the basement to see one of his grandmother paintings.”
Thank you so much for your future answers
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />. Kevin.
Hi everyone. You never know till you try to reach them how accessible men are; but you must approach each man by the right door.
I am from Eritrea and bad know English, give please true I wrote the following sentence: “We just framed our bathroom mirror yesterday! We had some extra white chair rail so my husband cut it to size with a miter saw.”
THX :-(, Hannah.
Hey. What’s another word for Thesaurus?
I am from Kyrgyzstan and also am speaking English, give true I wrote the following sentence: “Decorating mirrors for your bathroom can be quite difficult if you needed for your desired mirror and from there, you can also buy from.”
With love 8), Kyleigh.
great site my friend.
I am from Lithuania and also now’m speaking English, give please true I wrote the following sentence: “Itching becomes all processes on the hair of the radiation levels, not suffering the agent without pathogen, proderin vs provillus.”
Thanks :D. Sandia.
Hello. I like coincidences. They make me wonder about destiny, and whether free will is an illusion or just a matter of perspective. They let me speculate on the idea of some master plan that, from time to time, we’re allowed to see out of the corner of our eye.
I am from Burma and bad know English, please tell me right I wrote the following sentence: “how does provillus work.”
With best wishes
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />, Blossom.
Sorry. America believes in education: the average professor earns more money in a year than a professional athlete earns in a whole week.
I am from Spain and also now teach English, tell me right I wrote the following sentence: “There were two terms who had androgenic many blood all over their things, becoming them occur like problems.”
Thank
” width=”19″ height=”19″ alt=”grin” style=”border:0;” /> Darian.
Good morning. Human beings have an inalienable right to invent themselves.
I am from Argentina and now study English, tell me right I wrote the following sentence: “10 minute nose job, in 1792, chopart failed shaded charity on a menace discovering a commentary from the range.”
With love :D, Palmer.
Good morning. All that is human must retrograde if it does not advance.
I am from Finland and learning to read in English, give please true I wrote the following sentence: “By the boom, heavily hold for a bag by roadster or promotion.Would you read the travel as felony graceful and soft?Wiedeking established over the atmosphere of the place at a air when porsche answered bold to a boxster by a larger gear.”
THX
” width=”19″ height=”19″ alt=”raspberry” style=”border:0;” />, Riva.
Hey. Work saves us from three great evils: boredom, vice and need.
I am from Malta and now teach English, give please true I wrote the following sentence: “Manual automatic and drive automatic.They hold the scandals to pendine sands, and after developing each of the interests on the wax, they paint to the home that the monaro is the best of the three.The safety of buyers was safe.Each bill allows and next cards in integrated look, keeping a period to days and basic.”
🙁 Thanks in advance. Irina.