ALARM Group ALERT - click for a description of ALARM, The Computing Alert System Alert Number:  033007-01 Alert Date:  03/30/07 Alert Title:  Microsoft Animated Cursor vulnerability Update-to:   None OS/Platform/Application:   Microsoft Windows Vista Microsoft Windows XP (including Service Pack 2, 64-Bit and Itanium-based systems) Microsoft Windows Server 2003 (including SP1, x64, and Itanium-based Systems) Microsoft Windows 2000 Service Pack 4 Category:  ALERT Severity:  HIGH Attention:  System Administrators, Desktop Support Personnel, Microsoft Windows users

Summary:  Microsoft and numerous Internet Security-related agencies are reporting the existence of an animated cursor (.ani file) handling vulnerability in Microsoft Windows.  At the time of this writing (8:30 EST 3/30/07) there are numerous reports of active exploits circulating for this vulnerability and no patch is yet available from the vendor to address the issue.  The most likely vector of exploitation requires a user to visit a specifically-crafted website or open a similarly-crafted email message. 

Recommended Actions:  Microsoft has issued security advisory 935423 in order to describe the issue in detail and also to offer several workaround procedures to minimize the risk of exposure.  Windows system administrators and users are highly encouraged to read the security advisory and associated bulletins (links provided below) for more information and to consider implementing one or several of the workarounds/practices offered by these documents.

UA staff are also highly encouraged to share this information with family and friends, home users, etc due to the unpatched and wide-ranging risk currently associated with this vulnerability.

ITS Actions:  At this time, ITS is taking no specific additional actions to address this vulnerability.  An update will be issued if any actions are implemented.

Resources:

SANS Advisory:
http://isc.sans.org/diary.html?storyid=2534