Microsoft Bandages Ani Vulnerability
The Tuesdays’ Microsoft "critical" out-of cycle security update release has fixed the animated cursor vulnerability that potentially let attackers to take control of a system. Often termed as the ANI vulnerability, the flaw is linked to animated cursor files that normally have the .ani suffix. The Flaw that was
The subject of great concern for the Security companies, which have detected several different attacks from hundreds of sites, the flaw urgently required to be patched. The Security vendor Websense reported that it had detected one particular attack that been installed more than 450 compromised web sites, resulting in "tens of thousands of pages with exploit code links on them" to silently install a generic password stealer when people visit the pages.
Yet Christopher Budd, the Microsoft security program manager wrote in the Microsoft Security Response Center Blog "We have been monitoring the situation throughout and our indications, and those of our MSRA partners, show there is a threat for attacks against this vulnerability to increase although we haven’t seen anything widespread. Based on customer feedback and our teams’ ability to complete testing in an expedited manner by working around the clock, we’ve gone ahead and released this update early to help better protect customers from this threat."
The update has also bandaged other, less severe vulnerabilities in Windows' Graphics Device Interface (GDI) code. Most allow privilege elevation and are rated "important"; one allows a malformed WMF file to freeze or possibly restart a system.
Tuesday's patch applies to Windows 2000, XP, Server 2003 and Vista. It can be downloaded from Microsoft's web site (via this page) or installed through Software Update. However, one problem with the patch, which has already been keyed out is that “it conflicts with the Realtek HD Audio control panel.” A hotfix is available from Microsoft.
The regular Patch Tuesday is scheduled for next week. Though no details have been released yet, Microsoft still expects to release updates on that day.