Advertisement
Promo

Security threats Toolkit

Windows cursor flaw poses 'drive by' risk

Joris Evers CNET News

Published: 30 Mar 2007 09:41 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday.

The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory.

An attacker could exploit the vulnerability through a web page or email message with rigged computer code, Microsoft said.

"Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment, the attacker could cause the affected system to execute code," Microsoft said in its advisory.

Such holes are often exploited by cybercrooks to do "drive-by" installations of malicious software. Spyware and remote control tools that turn PCs into drones for the attacker are silently loaded onto vulnerable computers by tricking people to visit a rigged website or hacking a trusted site.

Sample code that demonstrates the vulnerability has already been posted on the web, McAfee said in a security alert sent to customers. "Malware exploiting this vulnerability has been observed in the wild," the security company said in the alert.

Other security experts also raised an alarm. "I expect attackers will pick up on this as soon as they figure out how to, we'll very shortly see the usual suspects using it," said Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs. "The sample site is already offline; this could be a prelude to a bigger attack."

Animated cursors allow a mouse pointer to appear animated. The animated-cursors feature is designated by the .ani suffix, but a successful attack is not constrained by this file type, Microsoft said. As a result, simply blocking such files won't protect a PC.

The exposure to attacks that exploit the flaw is mitigated on Vista machines with Internet Explorer 7, Microsoft noted. IE7 protected mode shields the computer against drive-by installations because the browser is restricted to where it can write files.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
11 out of 11 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

Integration Architect/Manager Websphere MQ,WMQ,WMB, Message Broker

EDI ANALYST WITH MESSAGE BROKER: SOUTH EAST

Message Broker AP

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

1 comment

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters