Menu
Microsoft patches Windows cursor vulnerability

Microsoft patches Windows cursor vulnerability

Microsoft patched the already-exploited Windows animated cursor vulnerability with a critical out-of-cycle security update that also fixed six other flaws.

The MS07-017 security bulletin, released a week ahead of the regularly scheduled April 10 patch date, fixes the ANI vulnerability that first surfaced last week when Microsoft acknowledged ongoing attacks. Since then, the bug has been tagged as very dangerous by security experts, has been distributed by hundreds of malicious Web sites, and was the focus of multiple spam campaigns designed to dupe users into visiting criminal Web sites.

The Tuesday update is only the third since January 2005 to be posted outside the normal monthly schedule.

Microsoft based the early release decision on its own prognostications. "We have been monitoring the situation throughout and our indications, and those of our MSRA [Microsoft Security Response Alliance] partners, show there is a threat for attacks against this vulnerability to increase, although we haven't seen anything widespread," Christopher Budd, program manager at Microsoft Security Response Centre (MSRC), said in a blog entry on Tuesday.

The security bulletin rates the ANI bug as critical -- Microsoft's highest threat level in its four-step system -- across all supported editions of Windows: 2000, XP SP2, Windows Server 2003 and Vista. The vulnerability marks the first critical Vista bug disclosed and patched since the operating system's release and the first flaw in Vista's own code.

Six other vulnerabilities were patched in the update; five were rated important -- one step below critical -- while the sixth was ranked even lower, as moderate. The half dozen fixes deal with a denial of service bug triggered by malicious Windows Metafile images; a vulnerability in Enhanced Metafile (EMF) image files that can elevate an attacker's privileges on a compromised computer; and a similar flaw in Windows' graphics rendering engine. Six of the seven flaws fixed on Tuesday allow hackers to hijack a PC.

Vista also is affected by the EMF vulnerability, says Microsoft, although it rated the threat as important, not critical.

Users can obtain the MS07-017 patches via Windows' Automatic Update, from the Microsoft Update service or through enterprise tools such as Windows Server Update Services (WSUS) and Software Update Services (SUS).

Even with the seven fixes issued, Microsoft said its regularly-scheduled updates next week will still take place.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoft

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments