ALARM Group ALERT - ALARM, The Computing Alert System
Alert Number: 033007-02
Alert Date: 03/30/07
Alert Title: UAlbany blocking .ani file extensions
Update-to: none 033007-01 "Microsoft Animated Cursor vulnerability"
OS/Platform/Application:
Microsoft Windows Vista
Microsoft Windows XP (including Service Pack 2, 64-Bit and Itanium-based systems)
Microsoft Windows Server 2003 (including SP1, x64, and Itanium-based Systems)
Microsoft Windows 2000 Service Pack 4
Category: ALERT
Severity: N/A
Attention: System Administrators, Desktop Support Personnel, Microsoft Windows users
Summary: In accordance with the recommendations of the NYS Cyber Security & Critical Infrastructure Coordination department and other Internet security agencies, the University at Albany has enacted a temporary block of all files with Windows animated cursor (.ani) file extensions. This block is being put into place to address an as-yet unpatched security vulnerability in multiple versions of Microsoft Windows and is intended to help minimize the risk of exposure via specifically-crafted email messages. Please be aware that the block will -not- necessarily reduce the risk of exposure via other means, such as web pages. Readers are advised to be extremely cautious when visiting untrusted websites.
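For administrators who want to see what an attachment block of this kind checks, the following added example (not the University's filter and not code from the original alert) walks a MIME message and flags parts by .ani extension. It goes beyond the extension-only block described above by also flagging parts whose content starts with a RIFF header of form type ACON, the container layout used by animated cursor files; the function names, addresses and sample message are constructed for illustration.

```python
# Added illustration: names, sample message and the content check are assumptions.
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".ani"}

def looks_like_ani(data: bytes) -> bool:
    """True for a RIFF container whose form type is ACON (animated cursor)."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"ACON"

def blocked_parts(raw: bytes):
    """Return (filename, reason) for every MIME part the block would stop."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Ignore case and trailing dots/spaces when comparing the extension.
        cleaned = name.lower().rstrip(". ")
        if any(cleaned.endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append((name, "extension"))
        elif looks_like_ani(payload):
            hits.append((name, "content"))
    return hits

def build_sample() -> bytes:
    """Constructed message with harmless placeholder bytes, not real cursors."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    riff_stub = b"RIFF" + (4).to_bytes(4, "little") + b"ACON"
    msg.add_attachment(riff_stub, maintype="application",
                       subtype="octet-stream", filename="Pointer.ANI")
    msg.add_attachment(riff_stub, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_parts(build_sample()):
        print(f"blocked {name!r} ({reason})")
```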
The text of the original ALARM alert pertaining to this issue is presented below for reference:
At approximately 11 AM today (3/30/07) The university Microsoft and numerous Internet Security-related agencies are reporting the existence of an animated cursor (.ani file) handling vulnerability in Microsoft Windows. At the time of this writing (8:30 EST 3/30/07) there are numerous reports of active exploits circulating for this vulnerability and no patch is yet available from the vendor to address the issue. The most likely vector of exploitation requires a user to visit a specifically-crafted website or open a similarly-crafted email message.
Recommended Actions: Microsoft has issued security advisory 935423 in order to describe the issue in detail and also to offer several workaround procedures to minimize the risk of exposure. Windows system administrators and users are highly encouraged to read the security advisory and associated bulletins (links provided below) for more information and to consider implementing one or several of the workarounds/practices offered by these documents.
UA staff are also highly encouraged to share this information with family and friends, home users, etc., due to the unpatched and wide-ranging risk currently associated with this vulnerability.
N/A (this is an update)
Resources:
Microsoft Security Advisory 935423:
http://www.microsoft.com/technet/security/advisory/935423.mspx
Secunia Advisory:
http://secunia.com/advisories/24659/
FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2007/1151
SANS Advisory:
http://isc.sans.org/diary.html?storyid=2534