Microsoft Windows has a vulnerability in its handling of animated
cursors.
Sophos, a world leader in IT security and control, has warned
computer users of a zero-day vulnerability in the way that
Microsoft Windows handles animated cursors (.ANI files). Multiple
versions of Microsoft Windows are affected by the unpatched
vulnerability, including Windows Vista.
According to an advisory by Microsoft, Windows 2000, XP, Server
2003 and Vista are said to be affected by the flaw, which has been
exploited by hackers in targeted attacks.
"Animated cursors are typically used by website developers to
enrich users' online experiences, but a twirling hourglass is
hardly worth the risk of a malicious attack. Sadly users don't get
a choice as to whether a website attempts to animate their cursor
or not, and hackers could use the vulnerability to run malware,"
said Graham Cluley, senior technology consultant for Sophos. "Microsoft
will be scrabbling to fix this vulnerability at the earliest
possible opportunity, as hackers are already exploiting the
security loophole in their attempt to infect innocent computer
users."
Sophos researchers have analyzed malware which exploits the
Microsoft vulnerability, issuing protection against the Troj/Animoo-U Trojan
horse at 23:46 GMT on 29 March 2007.
Microsoft has published an advisory on its
website which discusses the vulnerability.
Sophos experts note that this is not the first occasion when
Microsoft products have been exploited through malware which takes
advantage of security vulnerabilities in the way Windows handles
animated cursors and icons.
In January 2005, Microsoft issued Security Bulletin
MS05-002 which detailed a critical security vulnerability in
the Windows implementation of animated cursors which allowed
hackers to remotely execute code, and advised customers to apply
the protection update immediately.
"Unfortunately Microsoft's patch from early 2005 does not
protect against this latest vulnerability," continued Cluley.
Sophos continues to recommend that all organizations protect
their email with an integrated security
solution to thwart spam, spyware and malware threats.