LETN Solutions - Leading Edge Technology & Network Solutions
With attackers finding more ways to exploit a critical flaw in its Windows operating system, Microsoft has published an emergency software patch.
The update fixes seven separate Windows vulnerabilities, but security experts are most concerned about a bug in the way Windows processes .ani Animated Cursor files. Online criminals have been exploiting this bug since late last week.
This is the only one of the seven vulnerabilities rated “critical” by Microsoft.
Microsoft was forced to release the early update a week ahead of schedule because attacks had become too widespread, the .ani attack vector will probably be one of the most prevalent and persistent types of attacks over the next months and years.
This is the third such “out-of-band” patch release Microsoft has made since January 2006. While attacks based on this .ani flaw are still considered limited, exploitation of the bug is following trends similar to the Windows Metafile (WMF) and Vector Markup Language (VML) vulnerabilities that were patched in the other two updates, according to director of Microsoft’s Security Response Center, Mark Miller.
Microsoft had seen only Web-based exploitation of the .ani flaw, Miller said. “There have been some indications that email has been used, but we haven’t seen anything on that front.”
Windows users are strongly encouraged to install the patch, because the .ani flaw can be used to exploit computers running virtually any version of Windows, including Vista, even if they are running non-Microsoft browsers like Firefox and Opera, Mulchandani said.
If you wish, we can give you a call to discuss your needs.