Get Your Early Windows Patch Tomorrow!
Microsoft has decided to rush out a fix for a flaw in its Windows operating system, saying that the problem has become too serious to ignore.
The flaw, which will be patched on Tuesday, was originally disclosed to Microsoft in December, but it was not publicly reported until last week. The bug lies in the way Windows processes .ani Animated Cursor files, which are used to create cartoon-like cursors in Windows.
What this means is that going to a site that hosts a malicious cursor file, or opening an HTML e-mail message that carries one, will allow your computer to be infected. If your mail reader is set to use the “Preview Pane,” for example, it may automatically open a message and infect your computer without your knowledge.
Microsoft responded to requests by enterprise IT administrators to release its patches on a regular and predictable schedule, which led to the current monthly “Patch Tuesday” system. However, in situations like this one, where serious infecting code is “in the wild”, Microsoft will occasionally release an early patch.
All software has unknown flaws, many of which can be exploited to give unintended access or control to crackers (bad-guy hackers). There are some practices which may reduce the likelihood of a flaw leading to control, but they are not foolproof.
According to the article, there are now more than 100 sites hosting infected cursors and a new worm propagating the infection has been discovered in China.
Because simply previewing an HTML e-mail message can result in an infection, Microsoft also provided additional details late Thursday on which of its e-mail clients are safest to use. According to Adrian Stone, an MSRC program manager, Outlook 2007 is invulnerable, as is Vista’s Windows Mail–as long as users don’t reply or forward the attacker’s messages. The SANS Institute’s testing, however, contradicted Microsoft; by SANS’ account, Outlook Express in Windows XP, Windows Mail in Vista, and Outlook 2003 in any version of Windows put users at risk when they simply preview a malicious message. They don’t have to actually open the message to be in danger of an infection.
In-the-wild attacks, said Dunham, have been limited so far to those against Windows XP SP2 through Microsoft’s Internet Explorer 6 and 7 (IE6 and IE7) browsers. But that won’t likely remain the case for long. “Our tests prove that trivial modification is all that’s required to update the payload and functionality on multiple operating system builds,” he said.
And while Microsoft Thursday said Vista’s version of IE7 protects users, eEye’s Brown added that browser-based attacks aren’t the only game in town. “I get the PR [public relations] angle they’re going down, but there are all sorts of ways this can come in, including HTML e-mail. Vista’s not immune.”
I would strongly urge Windows users to use Microsoft’s update site tomorrow, at the earliest possible time, and get this patch.
In the meantime, get the newest antivirus and antispyware definitions for your software. Symantec, at least, has added the worm to their list of attackers.