ITS Homepage Click here for text version of ITS homepage University at AlbanyUAlbany Site IndexUAlbany Search
alerts_tag
UPDATE: New Vulnerability in Windows Animated Cursor



ALARM Group ALERT - click for a description of ALARM, The Computing Alert System
Alert Number:  040307-01
Alert Date:  04/03/07
Alert Title:  New Vulnerability in Windows Animated Cursor Handling Could Allow Remote Code Execution
Update-to:   033007-01 Microsoft Animated Cursor vulnerability
OS/Platform/Application:  
Microsoft Windows 2000 SP4 
Microsoft Windows XP SP2
Microsoft Windows XP 64-bit Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Vista
Category:  UPDATE
Severity:  HIGH
Attention:  System Administrators, Desktop Support Personnel, Windows Domain Administrators

Summary: 

ORIGINAL OVERVIEW:
A new vulnerability has been discovered in Microsoft Windows in the way animated cursor files are processed. This vulnerability can be exploited if a user visits a malicious webpage that exploits the vulnerability, views a malicious email message in an HTML format, or opens a malicious email attachment. Successful exploitation of this vulnerability could lead to complete control of the affected system.

Please note that there is proof-of-concept code available publicly on the Internet. This vulnerability is currently being exploited.

MARCH 30 UPDATED INFORMATION:
This vulnerability can also be exploited if a user previews a malicious email in plain text mode for the Outlook Express email client. This vulnerability may also be exploited if a user replies or forwards a malicious email with "Read in plain text" set for the Vista Mail email client. In addition, a list of known websites has been published that contain this vulnerability.

APRIL3 UPDATED INFORMATION:
Microsoft has released a new security bulletin (MS07-017) that supplies a patch that addresses animated cursor vulnerability. See references for patch download locations and additional information. We recommend that this patch be installed on all affected systems as soon as possible after appropriate testing.

Recommended Actions: 

APRIL 3 UPDATED RECOMMENDATIONS:

Apply all appropriate patches provided by Microsoft to vulnerable systems as soon as possible after appropriate testing. A listing of those patches is located at:  http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx


ITS Actions:  ITS has blocked ANI attachments and is currently blocking some sites that have been confirmed as distributing malware via this vulnerability.

Resources:

APRIL 3 UPDATED REFERENCES:

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Websense Security Labs:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=764

 

BLANKABCDEFGHIJKLMBLANK
BLANKNOPQRSTUVWXYZBLANK
CHOOSE FROM the ITS Site Index

GO TO an ITS Group

Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
  		University at Albany Home Page
Contact UAlbany | Directories | Calendars | Visitors | Site Index | Search
Admissions | Academics | Research | IT Services | Libraries | Athletics
Internet Privacy Policy              IT Policies