Security flaw puts puts Windows, including Vista, PCs at risk; malware already observed in the wild

Apple Store“A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday,” Joris Evers reports for CNET News.

“The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory,” Evers reports. “An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said.”

“Sample code that demonstrates the vulnerability has already been posted on the Web, McAfee said in a security alert sent to customers. ‘Malware exploiting this vulnerability has been observed in the wild,’ the security company said in the alert,” Evers reports.

“‘I expect attackers will pick up on this as soon as they figure out how to, we’ll very shortly see the usual suspects using it,’ said Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs. ‘The sample site is already offline; this could be a prelude to a bigger attack,'” Evers reports.

Evers reports, “The animated-cursors feature is designated by the .ani suffix, but a successful attack is not constrained by this file type, Microsoft said. As a result, simply blocking such files won’t protect a PC.”

Full article here.

Windows Vista ANI File Handling DoS:

Related articles:
National Security Agency gives Apple’s Mac OS X 10.4 Tiger glowing security endorsement – March 22, 2007
Lack of Apple Mac malware baffles expert – March 21, 2007
Microsoft’s Live OneCare ‘security’ failureware: dead last in test of 17 Windows security apps – March 07, 2007
Bill Gates has lost his mind: calls Apple liars, copiers; slams Mac OS X security vs. Windows – February 02, 2007
Security firm: 38-percent of malware already Windows Vista-compatible – January 22, 2007
FUD Alert: CNET tries to equate Windows’ insecurity to handful of Mac OS X proof-of-concepts – December 02, 2006
Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X – August 23, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Gartner analyst tries to propagate discounted Mac OS X ‘security via obscurity’ myth via BBC – July 06, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Apple Macs are inherently safer and more secure than Microsoft Windows – November 22, 2005
BusinessWeek columnist propagates discounted ‘Apple Mac security via obscurity myth’ – September 06, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Another columnist trots out Mac OS X ‘Security through Obscurity’ myth – April 03, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 01, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003

69 Comments

  1. Ok so again here is the Security by Obscurity myths. If I remember right classic OS did have some viruses, maybe a couple hundred or so, I am not sure. And how much has the installed user base changed since 1998 or ’99?

    OS X has been around for YEARS!! Vista, and it’s new regard to security, has been out how long? And here we are talking about a VULNERABILITY. So you may say it’s still Windows and since it works on XP it effects Vista. Well I think that might be a valid argument to how things have NOT changed at M$. No matter how small the Mac community is, M$’s digital muck will still be playing Apple catch-up and allowing their users to consistently lose data.

    BTW when the bully get’s his A$$ kicked at the playground I love hearing about it. Keep the painful windows news coming.

  2. More and more everyday, using a Mac at this time in our history reminds me of Noah’s Ark. One day, Mac users will get to say “told you so” if we can’t already. Windows users can fight for another 20 years, but when the floods come, Mac users will continue to rise above. We Mac users may be a smaller percentage of the “popular population,” but then again, we don’t have design and redesign vicarious floatation devices just to breath air for another few minutes.

    When arguing with closed-minded inviduals such as Noah had to, I am reminded that we don’t actually want to see PC users suffer as much as they do; then turn around and listen to the reasons why “suffering is okay as long as everyone else is.”

    What I’d like to know is at what point did Noah have to say, “quit making excuses and get on the damn boat!”

  3. As anyone with a brain can clearly see, this particular Vista security flaw is already out in the wild. Currently there are no OS X security flaws being exploited out in the wild. Sorry Windows fanboyz, but in the end, that’s all that really counts….

  4. Okay, a few MS trolls have already come out. One thing about security through obscurity…there’s not one piece of OSX malware out in the wild.

    And the obscurity myth fails to take one thing into account: ego. I can’t imagine that there is not any hacker or cracker out there who wouldn’t kill to come out with the first exploit for OSX. The bragging rights would be incentive enough for some very talented and creative (though evil) people to try. The first real exploit to get through OS X’s defenses would give someone a degree of hacker immortality, and a fair amount of publicity and notoriety.

    If an exploit happened, MS and its army of minions and trolls would be shouting the fact from every mountain top. And God knows that someone would just love to knock me and millions of other Mac users on our smug asses.

    Windows is just inherently more insecure than OS X.

  5. Lardlad…
    The Classic Mac System/OS I believe had about 60 viruses in the 18 or so years it existed before Mac OS X was officially released in 2001.

    I find it interesting that all these supposed Mac OS X vulnerabilities have been “demonstrated” and/or reported by so-called security and virus software developers.

    They’re really just trying to spread that warm and cozy blanket of FUD to us Mac users so we can really feel like we’re part of something really BIG!

    PS: I think Reality Check has a bit too much time on his hands…

  6. @Reality Check
    The “vulnerability” you mention about the crafted jpg’s in safari was noted on February 20th, 2006. Patched by Apple on Feb 28th, 2006. Hmmmm… eight days. Not too bad to be secure again. Eight days of possible hits. Not a one reported.

    Lets see how long it take MS to patch this one. And how many people actually get hit.

    @Noahs Ark..
    I Loved your analogy. how it rings true.

  7. Re: Wow! Why do you stick around this site?

    RC is right about one thing. MDN has kept shoving more popunders down our throats and has become as obnoxious as porn sites. I for one do not like it either because it has turned MDN, which I have read since 2001, into a troll site. The only way MDN will change it is if we all leave.

  8. @Reality Check,

    I usually do not mind people who criticize Apple because I too get caught up in MS and PC bashings (cause it is just soooo easy). However, I am aware Apple is not perfect and I try to sift through the criticisms to separate them fromt he trolls who just sput nonsense. If indeed you are serious then may I suggest you keep a more even keel (read mature) to your comments.

    Saying childish things like….”Pissing me off is the wrong thing to do – I’ll post the instructions… or ” in the shadow of the Great Microsoft Mountain” just ruins any credibility you may have.

    Now drink your milk and go to bed or you will be grumpy when you go to school in the morning.

  9. Ever notice that all Mac “viruses” are always demo’d in controlled lab type conditions..and for Mac “viruses” to work there has to be a levitating elephant involved…pigs need to fly…etc.

    But “viruses” for the secure Vista are always found in the wild.

    yet another reaason to stick to OS X.

    Just my $0.02

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.