Microsoft warns of zero-day Windows bug

Bug in Windows' Animated Cursor acknowledged

Microsoft confirmed Thursday that Windows, including Vista, contains a critical unpatched vulnerability that can be used by attackers to usurp PCs when users surf to malicious sites.

In a security advisory posted Thursday morning, Microsoft's Security Response (MSRC) team acknowledged a bug in Windows' Animated Cursor, a component that lets developers show a short animation at the mouse pointer's location. Animated cursor files typically use the .ani extension, but the MSRC warned that hackers might disguise malicious animated cursors with other extension. The SANS Institute, in fact, said it had received reports of in-the-wild exploits using files renamed to .jpg.

"An attacker could try to exploit the vulnerability by creating a specially crafted Web page," the Microsoft advisory warned. "An attacker could also create a specially-crafted e-mail message and send it to an affected system. Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code."

Anti-virus vendor McAfee first noted the drive-by vulnerability late yesterday, when Craig Schmugar, the virus research manager at the company's Avert Labs, blogged about tests that showed an up-to-date copy of Windows XP SP2 was vulnerable via Internet Explorer 6 and 7. According to Schmugar, users running Firefox 2.0 appear to be safe from drive-by exploits using the vulnerability.

Although Microsoft listed Windows Vista among the affected editions -- which include Windows 2000, XP and Server 2003 -- it also said that on Vista, IE 7 in its default configuration would protect users. "Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known Web-based attacks due to Internet Explorer 7.0 protected mode," the MSRC said. However, protected mode, while on by default, can be disabled by the user.

Simply by dragging a malicious .ani file to the Vista desktop, Schmugar was able to send the operating system over the edge, and into an endless "crash-restart" loop. He has posted a video of the Vista crash on the Avert Labs site, as well as on YouTube.

In response to the new threat, security companies immediately issued their own alerts and raised overall Internet risk rankings. Symantec, for example, pushed its ThreatCon to "2."

The MRSC downplayed the threat by claiming only "very limited" attacks were in progress and saying they were "not widespread" at the moment. "[But] we are monitoring the issue and will update the advisory as new information becomes available," Adrian Stone, an MSRC program manager, said mon the group's blog.

Microsoft said it would patch the bug in a security update, but would not commit to a when. "[We] will release un update for this issue at the conclusion of our investigation," a spokeswoman said today.

The next scheduled update cycle for the Redmond, Wash. developer is April 10. Until then, Microsoft's advice to users remained basic: "Do not visit untrusted Web sites or view unsolicited e-mail."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?