Showing posts with label Patch. Show all posts
Showing posts with label Patch. Show all posts

Tuesday, April 10, 2007

Over 2000 are actively exploiting Microsoft .ani flaw

2000+? That is a heckuva lot of sites!

"The number of Web sites engineered to exploit the problem has jumped considerably since the vulnerability was publicly disclosed by Microsoft on March 29. It will likely continue to rise until patches are applied across corporate and consumer PCs, said Ross Paul, senior product manager for Websense. " - IDG News Service, Over 2,000 sites now exploit .ani security flaw

If you have not applied this patch, you are implored to do so now! This is a serious flaw and exploits are rampant. Also, reference my earlier post labeled "Microsoft to Release OOB (Out of Band Patch) Tommorow"

Although there have been a few reported application incompatibility issues with this patch, the potential consequences of not patching should outweigh these issues. Read more!

Posted by The Trusted Toolkit at 8:46 AM 0 comments

Labels: , ,

Monday, April 2, 2007

Microsoft to Release OOB (Out of Band) Patch Tomorrow

This is a little rare, but I am glad to see it! Microsoft made the announcement today that they would issue a patch for what has been called "Microsoft Windows Animated Cursor Handling Buffer Overflow". That's a mouthful. For those of you who don't know, Microsoft releases patches to the general public every second Tuesday of the month (AKA "Patch Tuesday"). Last month, Microsoft did not release any patches, which is also quite rare.

What is the "Microsoft Windows Animated Cursor Handling Buffer Overflow"?
This vulnerability was announced on various information security sites more than four (4) days ago. The issue stems from the method in which Microsoft operating systems (Windows 2000 SP4 - Vista) handle the processing of malformed .ani, cur, and .ico files, resulting in possible memory corruption and buffer overflow.

Should I Care?
Yes, you should. The is a remotely exploitable vulnerability which could lead to the ability to execute arbitrary commands and/or denial of service.

What does The Trusted Toolkit recommend?
Apply the patch tomorrow when it becomes available from Microsoft. In the meantime, follow other good security practices.

More Info:
Microsoft: http://www.microsoft.com/technet/security/advisory/935423.mspx
Secunia (rated "Extremely critical"): http://secunia.com/advisories/24659/

 Read more!

Posted by The Trusted Toolkit at 10:49 AM 1 comments

Labels: , ,

Subscribe to: Posts (Atom)