
April 2, 2007

Microsoft drags feet on ANI security fix, may delay release

By George Gardner





A flaw was exposed last Wednesday in multiple versions of the Microsoft Windows operating system that allows hackers to take complete control of your system through a simple mouse cursor. At the time, the threat was regarded as minor; however, last night, Microsoft’s security program manager, Christopher Budd, confirmed that the attacks have been increasing, and instructed users to seek help from their antivirus and security software until Microsoft issues a fix for this Windows vulnerability.

The mouse cursor, specifically an animated cursor, can be activated through any web page with one simple line of HTML code. Given the way Windows handles animated cursors, this could allow an attacker to execute arbitrary code on a user's machine without the user's awareness.

Given that the attack was exposed before Microsoft issued a fix (which they call an “update”), this fragility in the Windows operating system is starting to become widespread, with attacks increasing by the day.

Unfortunately, this flaw carries a history which dates back to 2006; Microsoft knew of the vulnerability. 

“We have been working on this investigation since December to fully understand the issue and have been working to develop a comprehensive update as part of our standard MSRC process,” said Christopher Budd, on the Microsoft Security Response Center blog.

Microsoft started working around the clock to fix this issue only after attacks against this weakness increased and proof-of-concept code was disclosed to the public.

Surprisingly, a couple of third-party updates have been released that offer, at the very least, a temporary solution to this problem; however, Microsoft does not suggest the use of any security updates that were not issued by Microsoft.

“This is because as the maker of the software, we can give our security updates and guidance thorough testing and evaluation for quality and application compatibility purposes,” added Budd.

So when will a fix be released? Not even Microsoft can answer that question for certain. Hinting at the possibility that issues may arise, Budd noted that such events may force Microsoft to delay the release.
