MS releases emergency cursor bug fix
Print storyDouble-plus critical update triggers glitches
Posted in Enterprise Security, 4th April 2007 11:25 GMT
Microsoft has released an out-of-sequence patch designed to address a Windows vulnerability involving the handling of cursor animation files, as well as a number of other flaws.
The prime focus of the update is a stack buffer overflow flaw involving Windows' handling of animated cursor (.ANI) files. The flaw, first reported last week, creates a means for hackers to inject hostile code into unpatched systems and has become the target of widespread hacking attacks. Internet Explorer can process ANI files in HTML documents, so web pages and HTML email messages can also be vectors for the vulnerability.
Microsoft responded to reports of widespread abuse of the flaw by pushing out an emergency fix on Tuesday, 3 April, a week before its regular Patch Tuesday update. The patch also addresses a number of vulnerabilities, involving privilege escalation, denial of service and remote code execution flaw.
Early reports suggest a number of glitches with the update. In particular, the patch can conflict with systems running Realtek Audio cards, prompting Microsoft to release a hotfix. ®
Securing your Online Data Transfer with SSL
The Botnet Threat
Extended Validation SSL Certificates
Spam Spikes: A Real Risk to Your Business
Netbooks and Mini-Laptops
Emails show journalist rigged Wikipedia's naked shorts
Yours truly, angry mob