Microsoft issues patch for cursor flaw

By Steve Blass, Network World, 04/05/07

 Start a discussion    Print article

 Comments (1)    Print article

Are there any workarounds to stop the most recent Windows animated-cursor exploit? Do you know when Microsoft will release a patch to repair the problem?

Microsoft released a patch last week to fix the animated-cursor vulnerability. This problem with the way animated cursors are handled in Internet Explorer on Windows requires only that one visit a malicious Web page designed to exploit the problem. No clicking is needed. This makes exploitation through HTML e-mail spam particularly easy and troublesome. Microsoft's advisory for this vulnerability, No. 935423, recommends setting Outlook and/or Outlook Express to display e-mail as plain-text only. Other workaround recommendations include using an alternate Web browser such as Firefox. Internet Explorer 7 on Microsoft Vista is reported to be unaffected by this vulnerability. Vista runs the browser in a protected mode unavailable in XP and earlier versions that keeps things like this animated-cursor exploit isolated from the core of the operating system. Large numbers of reported attacks based on this vulnerability are tied back to a small number of domains, and those who find themselves compromised are asked to report the incidents to the FBI through the Internet Crime Complaint Center, www.ic3.gov. This vulnerability is one you should take care of as soon as possible. Check Microsoft.com for the latest information on patch availability and keep a close eye on your systems-security monitoring tools.

Featured Whitepapers

LinuxCast Listen to the latest Linux news.

About Us | Contact Us | Advertising Info | Terms of Service/Privacy

Copyright, 2006-2007 Network World, Inc. All rights reserved.