Menu
Security fears force Microsoft to patch bug early

Security fears force Microsoft to patch bug early

Microsoft will patch the increasingly dangerous Windows animated cursor vulnerability tomorrow, a week early, a spokesman of the company's security team says.

"Microsoft originally planned to release the update on Tuesday, April 10, as part of its regular monthly release of security bulletins," the spokesman says in an email. "However, Microsoft is aware of the existence of a public attack utilizing the vulnerability, [and] since testing has been completed, Microsoft will release the update ahead of schedule to help protect customers."

The announcement followed a weekend of escalating warnings from security organisations and reports from China's Internet Security Response Team of a worm in the wild using the unpatched vulnerability. Symantec and other antivirus companies confirmed the existence of the Fubalca worm on Sunday.

Over the weekend, a number of events showed the speed with which attackers were moving. First, exploit source code was publicly posted on a security mailing list, then McAfee says it had seen at least one spam run that linked to the exploit, and finally, Websense claimed that it had spotted more than 100 malicious sites spreading the exploit, a tenfold increase over the day before.

Last Saturday, Microsoft's Security Response Centre (MSRC) added Windows Server 2003 Service Pack 2 to the long list of Windows editions affected by the bug. Christopher Budd, an MSRC program manager, acknowledged that attacks leveraging the flaw had increased. "In light of these points and based on customer feedback, we have been working around the clock to test this update," Budd says on the MSRC blog.

The emergency fix, pegged as MS07-017, will be released through Microsoft's normal channels, including Automatic Updates, Windows Update and the enterprise-oriented Windows Server Update Services. MS07-017 will be only the third out-of-cycle patch from Microsoft in more than two years.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags WebsencesymantecMicrosoft

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments