
30 March 2007

Malicious animated cursors exploit unpatched Microsoft vulnerability

Windows Vista users not immune from security hole

Microsoft Windows has a vulnerability in its handling of animated cursors.

Sophos, a world leader in IT security and control, has warned computer users of a zero day vulnerability in the way that Microsoft Windows handles animated cursors (.ANI files). Multiple versions of Microsoft Windows are affected by the unpatched vulnerability, including Windows Vista.

According to an advisory by Microsoft, Windows 2000, XP, Server 2003 and Vista are affected by the flaw, which has been exploited by hackers in targeted attacks.

"Animated cursors are typically used by website developers to enrich users' online experiences, but a twirling hourglass is hardly worth the risk of a malicious attack. Sadly users don't get a choice as to whether a website attempts to animate their cursor or not, and hackers could use the vulnerability to run malware," said Graham Cluley, senior technology consultant for Sophos. "Microsoft will be scrabbling to fix this vulnerability at the earliest possible opportunity, as hackers are already exploiting the security loophole in their attempt to infect innocent computer users."

Sophos researchers have analyzed malware which exploits the Microsoft vulnerability, issuing protection against the Troj/Animoo-U Trojan horse at 23:46 GMT on 29 March 2007.

Microsoft has published an advisory on its website which discusses the vulnerability.

Sophos experts note that this is not the first occasion when Microsoft products have been exploited through malware which takes advantage of security vulnerabilities in the way Windows handles animated cursors and icons.

In January 2005, Microsoft issued Security Bulletin MS05-002 which detailed a critical security vulnerability in the Windows implementation of animated cursors which allowed hackers to remotely execute code, and advised customers to apply the protection update immediately.

"Unfortunately Microsoft's patch from early 2005 does not protect against this latest vulnerability," continued Cluley.

Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
