Windows Vulnerability in Animated Cursor Handling 338
MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."
Surprise, Windows Listed as Most Secure OS (Score:5, Funny)
Oblig. (Score:3, Funny)
Re: Surprise, Windows Listed as Most Secure OS (Score:5, Funny)
The Solution is Amazing (Score:5, Funny)
Nice, so basically I'm not supposed to read any emails from people I don't know. Sounds like a viable solution.
What kind of mouthbreather would even... (Score:5, Funny)
Criminals using this vulnerability ? (Score:5, Funny)
" So, ANI are you ok ? Are you ok ANI ?
You've been hit by... you've been hit by... a smooth criminal ! "
A workaround for this... (Score:5, Funny)
I use the comet cursor package that installed itself automatically when I browsed the web.
It has some great cursors and loads of other features that make using Windows far more entertaining.
I have not been able to remove or alter the comet cursor package since it installed itself, so I think it will protect very well against other cursors getting installed on my computer.
I can hear Ballmer screaming... (Score:5, Funny)
Re:Why does it get to be this bad? (Score:5, Funny)
Even if you're a programmer, you're still out of your league on this one. Only a plumber could understand the series of tubes that make up the Internet.
Solution: "You are trying to move the mouse..." (Score:5, Funny)
Re:What kind of mouthbreather would even... (Score:3, Funny)
My cursor is a big punching glove. It makes hitting that damn monkey that much easier...
Re:Why would my cursor run as root? (Score:5, Funny)
Successful.
Re:The Solution is Amazing (Score:5, Funny)
Re:Vista Security. (Score:5, Funny)
Nope. I watched their lips and every time they said, "Vista will be the most secure Microsoft operating system ever."
I think this was carefully worded by them so they could say it with an honest face.
Correction (Score:3, Funny)
Correction: In Soviet Russia, you pwn cursors! So you might want to live in Soviet Russia... Sorry.
Re:Why would my cursor run as root? (Score:5, Funny)
"In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user or system files and settings without user consent." -- From the Windows Vista: Features Explained site.
Unless of course the user has been driven insane by all the "Cancel or Allow?" questions and would readily click "Allow" even in a dialog box asking, "Your computer would like to strangle you with its power cord. Cancel or Allow?"
Pfff. Locked in a vault? (Score:5, Funny)
Re:I can hear Ballmer screaming... (Score:3, Funny)
Damn you! Damn you all to hell!!
Re:What's to investigate? (Score:3, Funny)
We're two days away from April 1st, let us enjoy these days while we can...
Good heavens... (Score:4, Funny)
Re:goddam hackers (Score:4, Funny)
Boy... (Score:4, Funny)
Mitigating Factors for Animated Cursor Vulnerability
Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode. For more information on Internet Explorer Protected Mode see the following Web Site.
By default, Outlook 2007 uses Microsoft Word to display e-mail messages which protects customers from the HTML e-mail preview and attack vector.
I think the important thing here to note is that MS is actually delivering on it's promise to deliver a more secure OS and set of applications for users.