Official and private launch to deal with the Windows animation cursor Vulnerability

Last Thursday, Microsoft issued a security report to confirm the existence and danger of the Windows animation cursor (. Ani) vulnerability.

Last Friday, the Windows animation cursor (. Ani) vulnerability was exploited, and many users of Microsoft operating systems were maliciously attacked.

Last Saturday, the unofficial organization eeye developed a patch for this vulnerability (author Derek soeder-eeye digital security). After testing, this patch can effectively solve the problems caused by this vulnerability, install this patch to prevent problems caused by this vulnerability.

Click to download the patch

Last Sunday, Microsoft may be unable to cope with such a large security vulnerability, and the first vulnerability patch was discovered by others.ProgramIt was released by "people". Microsoft said on Sunday, a local time in the united states that "an emergency patch will be provided soon to deal with the Windows security vulnerabilities that have been exploited ."

Windows animation cursor (. Ani) is not targeted at vista. Windows 2000 SP4, Windows XP SP2, and Windows Server 2003 sp2 are not spared.

Microsoft said in an e-mail that the related tests have been completed in advance, so Microsoft decided to release the security patch on Tuesday of the local time and will not wait until the monthly "patch day" of April 10 ". It can also be seen how dangerous the vulnerability is!

According to Microsoft, the analysis of attack data shows that "attacks and users are affected in a very limited scope". Users only need to update the released patch to "ensure security ". In addition, Microsoft said it was ready to hold attackers legally accountable.

Features of Windows animation cursor (. Ani) vulnerability attacks

A buffer overflow vulnerability exists in Microsoft Windows when processing malformed animation Icon files (. Ani). Remote attackers may exploit this vulnerability to control user machines. Microsoft Windows does not correctly verify the size specified in the ani header when processing malformed files (. Ani), resulting in a stack overflow vulnerability. If the user is cheated to use IE to access a malicious site or open a malicious email message, this overflow will be triggered, resulting in arbitrary executionCode.

Windows Resource Manager also processes some ani files with file extensions, such. ani ,. cur ,. ICO, etc. affected systems include: all versions of Microsoft Windows Vista, all versions of Microsoft Windows XP, Microsoft Windows Server 2003 SP1, Microsoft Windows Server 2003, and Microsoft Windows 2000.

At present, many websites at home and abroad have begun to exploit this vulnerability to spread malware, Trojan horses, and worms. This vulnerability is often disguised as an image, if you click a website or email with a malicious code image, the website or email will be infected with malicious programs. Whether it is IE6 or IE7, or the firefoxoperaie browser is under attack.

ArticleCopyright from http://vista.zol.com.cn owned by original author