Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Latest Software and Security Updates » Microsoft Plans Emergency Patch For .ANI Bug

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Microsoft Plans Emergency Patch For .ANI Bug

Reply
Thread Tools
Latest Software and Security Updates
  #1 (permalink)  
Old 02-04-2007, 10:12 PM
jephree's Avatar
¨*·.¸ «.·°·..·°·.» ¸.·*¨
  
Join Date: Jun 2004
Posts: 25,326
jephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniture
Microsoft Plans Emergency Patch For .ANI Bug
Quote:
By Kevin McLaughlin, CRN
4:08 PM EDT Mon. Apr. 02, 2007 A week before its monthly Patch Tuesday release, Microsoft plans to release an emergency patch Tuesday for the four-month-old animated cursor file (.ANI) vulnerability in Windows after attacks using the flaw spiked over the weekend.
"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat," wrote Christopher Budd, security program manager at Microsoft's Security Response Center, in a Monday blog post.

The public disclosure of proof-of-concept code and customer feedback has spurred Microsoft researchers to work "around the clock" to test the update, Budd wrote.

Security researchers rushed to offer their assessments on what appears to be most serious security vulnerability of 2007. Websense Security Labs said it's tracking more than 100 Web sites that are spreading the .ANI exploit, most of which are downloading and installing password-stealing code. Researchers from McAfee's Threat Center said they discovered a spam campaign that attempts to drive users to a Web site hosting exploit code.

Researchers from the Chinese Internet Security Response Team (CSIRT) said they've discovered a worm using the .ANI exploit that's spreading.

The worm, which mimics the behavior of the Win32.Fujacks worm, inserts malicious links into .HTML, .ASPX, .HTM, .PHP, .JSP, .ASP and .EXE files, directing users to sites hosting the .ANI exploit, according to a Monday CSIRT bulletin.

Microsoft had originally planned to patch the .ANI flaw as part of its April 10 monthly patch release, but the company was able to speed up the testing process and release a fix ahead of schedule, Budd wrote.

"Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10," Budd wrote.

However, he said it's possible that Microsoft could be forced to delay the release of the patch if the company encounters any unforeseen issues in testing the patch.
http://www.crn.com/security/198701903
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 03-04-2007, 11:38 PM
jephree's Avatar
¨*·.¸ «.·°·..·°·.» ¸.·*¨
  
Join Date: Jun 2004
Posts: 25,326
jephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniture
Re: Microsoft Plans Emergency Patch For .ANI Bug
Microsoft released the below security bulletin to address a CRITICAL vulnerability issue in Windows:


Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft posts emergency defense for new attack VopThis Latest Software and Security Updates 0 25-10-2008 09:16 PM
Daylight Saving for WA - Microsoft patch. paulthomasno6 Chat Room 3 03-12-2006 10:08 AM
EMERGENCY!!! Microsoft WORD not Working!! AlkS14 Desktop / Server Applications 7 18-11-2005 08:24 PM
Israel Plans to Hit Iran Nuke Plant patriotcow Chat Room 13 14-03-2005 05:58 PM
Microsoft Patch Tuesday chopper Windows XP Help 3 09-02-2005 03:48 PM


All times are GMT +1. The time now is 11:27 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav