REDMOND, WA — Microsoft announced over the weekend that it would make a patch available for its animated cursor flaw this week, rather than wait until the scheduled monthly security update due to take place on April 10th.In an email to CNET/News.com, a Microsoft representative stated that “Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers.”
A patch for the flaw is due to be released today.
According to the Microsoft advisory, the threat is “caused by insufficient format validation prior to rendering cursors, animated cursors, and icons.”
The advisory also states that attackers “could try to exploit the vulnerability by creating a specially crafted web page,” and/or “create a specially-crafted email message and send it to an affected system.”
“Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code,” the advisory states. “While animated cursors typically are associated with the .ani file extension, a successful attack is not constrained by this file type.”
It is not necessary for a user to actually click anything on a website that contains the malicious code; merely visiting such a site is sufficient to trigger infection.
Microsoft originally issued its advisory concerning the flaw last Thursday, and by Friday malicious code designed to exploit the flaw in the way Windows handles animated cursor files (.ani) was circulating on the Web.
CNET/News.com also reports that, according to Arbor Networks, the malicious code exploiting the flaw appears to be originating from the following sites:
wsfgfdgrtyhgfd.net
85.255.113.4
uniq-soft.com
fdghewrtewrtyrew.biz
newasp.com.cn
As a workaround solution, Microsoft suggests that users read e-mail messages “in plain text format if you are using Outlook 2002 or a later version, or Windows Mail to help protect yourself from the HTML e-mail preview attack vector.” The company cautions, however, that reading email in plain text on Windows Vista Mail “does not mitigate attempts to exploit the vulnerability when Forwarding and Replying to mail sent by an attacker,” and reading email in plain text on Outlook Express “does not mitigate attempts to exploit this vulnerability.”
The flaw does not affect Firefox or Opera Browsers.
For more information, refer to the Microsoft advisory at: http://www.microsoft.com/technet/security/advisory/935423.mspx
