Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Microsoft Operating Systems Security Software Windows

Windows Vulnerability in Animated Cursor Handling 338

MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."
This discussion has been archived. No new comments can be posted.

Windows Vulnerability in Animated Cursor Handling

Comments Filter:
  • First Pwndst (Score:2, Insightful)

    by Anonymous Coward
    So much for Vista being secure from the ground up!
     
    • Re:First Pwndst (Score:4, Insightful)

      by Luscious868 ( 679143 ) on Friday March 30, 2007 @08:51AM (#18542547)

      So much for Vista being secure from the ground up!
      Vista is secure from the ground up ... just so long as your running it in a VM on some other OS.
      • Re:First Pwndst (Score:5, Interesting)

        by Anonymous Coward on Friday March 30, 2007 @09:46AM (#18543281)
        It was. The vulnerability still affects Vista, but due to the different security subsystem the exploit can't really do anything. It sits stuck in a "protected mode" IE7 instance which can't do anything, not even fuck with the current user's profile. The exploit is effectively contained at that point.

        Even if the user were to download the cursors and run them locally the effect would be minimized because, by default, a user, even a member of Administrator, is jailed. The user's profile would be vulnerable at that point, but system stuff would not be.

        You can't stop vulnerabilities, but you can mitigate the result, and Microsoft has actually done a really damned good job at this in Vista.
  • by Dr. Zowie ( 109983 ) <slashdot.deforest@org> on Friday March 30, 2007 @08:46AM (#18542479)
    Huh? This boggles the imagination. I would have thought they'd have learned about security rings while rebuilding their entire OS from the ground up (as Longhorn was reputed to do).

    • Who cares if it runs as root or not? It really doesn't make too much of a difference except on a multi-user system. I don't care about my OS installation--that is easy to do again. What I do care about is my data. Deleting or corrupting files in my user profile directory (C:\Documents and Settings\user\* or /home/user/* -- take your pick) is digital death for me (assuming a backup will not restore properly or new data hasn't been backed up yet).

      It seems like every time someone comments about a security hole on Slashdot the response is along the lines of "Well, if this doesn't result in a root exploit, it isn't all that bad". If you agree with that statement, then go ahead and issue "rm -rf ~".

      Computers input, store, manipulate, and output data. My data is important to me. Arbitrary code execution regardless of whether in my user context or a context with superuser privileges is a threat to that data.
      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Who cares if it runs as root or not?

        You're missing the point, so are many others. If it runs as root/admin it means it can easily makes itself completely invisible to the system. Fake infos given to an anti-virus, etc. Completely stealth. It also means it can spy you silently in the background. If an exploit is root, the only way to detect it is from another system. You simply can't trust your OS anymore, unless you reinstall everything from scratch. What makes you think a local exploit would detect
      • by Rutulian ( 171771 ) on Friday March 30, 2007 @11:54AM (#18545241)
        Well, as another poster already said, it would be best if untrusted applications (like web browsers) were run as a different user from your main account. The only way it could access your data would be to require a password for privilege escalation. Unfortunately I don't know of any OS that does this. SELinux is neat, but I'm not sure it can do this without being overly restrictive.

        Anyway, I think the bigger issue, though, is that root is bad. Not just for multi-user systems. The reason being because most malicious attacks are not aimed at running "rm -rf ~". They can, but that is not really in the interest of most of the people writing these exploits. They are interested in installing spyware, malware, and rootkits...all of which require root/administrator privileges. Other things too, like getting into the system logs and messing with memory owned by other processes, that help a cracker find and take advantage of exploits also require elevated privileges. So if your exploitable program simply runs as an unprivileged user you can get rid of a lot of these problems. It won't get rid of all problems, but it would help significantly.
    • by Locutus ( 9039 ) on Friday March 30, 2007 @11:17AM (#18544657)
      you this that's bad, there was another security flaw in the mouse code announced over 15 months ago( Jan 05 ). They patched that but never examined the code for other exploits. I mean really, if you've got SOOO much freaking legacy code, you'd atleast want to be refactoring what you have to touch because of bugs or, for example, security holes.

      http://www.checkpoint.com/defense/advisories/publi c/2005/cpai-2005-06.html [checkpoint.com]

      But, the great minds at Microsoft and their Trusted Computing efforts appear to be spending more time on marketing and public relations and less time on even attempting to make a better product. It's bad enough that the mouse code is an attack vector but to just put a band aide on it and send it right into the Windows Vista product is just plain bad.

      Remember, Vista was said to be the most secure operating system available. Not the most secure version of Windows but the most secure operating system. And yet they are letting relatively small bits of code like this mouse code get through their masterful security techniques. Well, I guess that is why they've decided their security system will be based on a billion sandboxes instead of secure model for the whole... What a joke.

      LoB

  • by ballmerfud ( 1031602 ) * on Friday March 30, 2007 @08:46AM (#18542493) Journal
    Surprise, Windows Listed as Most Secure OS [slashdot.org] ... just don't move the mouse.
    • by CoolVibe ( 11466 ) on Friday March 30, 2007 @08:50AM (#18542537) Journal

      Surprise, Windows Listed as Most Secure OS [slashdot.org] ... just don't move the mouse.
      and pull the network plug out while you are at it. More security :)
      • Yes, but that is a given with any computer (Linux, Mac or Windows). Hence the saying that the most secure computer is one that is off, not plugged into anything (including a keyboad, monitor or wall outlet) and locked in a vault.

        IMHO, while the actual exploit might be new, haven't things like animated cursors always been among things you wanted to avoid due to the malware they come with? This just makes them worse.

        RonB
        • by spun ( 1352 ) <loverevolutionary&yahoo,com> on Friday March 30, 2007 @09:52AM (#18543349) Journal
          The most secure computer is turned off, unplugged, buried a mile deep in an asteroid somewhere in the Kuiper belt, ringed by defensive lasers, orbited by a swarm of nuclear smart mines and guarded by a whole company of battlemechs.
          • The most secure computer is turned off, unplugged, buried a mile deep in an asteroid somewhere in the Kuiper belt, ringed by defensive lasers, orbited by a swarm of nuclear smart mines and guarded by a whole company of battlemechs.

            That's far too much technology that needs to be trused. What if the protective equipment is compromise, and the battlemechs dig the computer up using the mines and the lasers, and then install a Sony rootkit on it?

            No, the most secure computer would be one unharmed while eve
      • and pull the network plug out while you are at it. More security :)


        While you're at it, pull out the cable attached to the power supply....Windows Vista Ultimate Security! ;)
  • This old? (Score:5, Insightful)

    by LinuxGeek ( 6139 ) * <djand.nc@NoSpAM.gmail.com> on Friday March 30, 2007 @08:47AM (#18542495)
    With exploits as old as this one, it makes me wonder just how many high level hackers/crackers have used this in silence over the years. It could pay very well to keep ploits such as this one silent for as long as possible.
    • Re:This old? (Score:5, Insightful)

      by truthsearch ( 249536 ) on Friday March 30, 2007 @08:56AM (#18542599) Homepage Journal
      This is a perfect example of how using Microsoft's official list of exploits is a mostly meaningless metric to determine how secure the OS really is. It gives no indication of security holes being secretly exploited for years.
      • Re:This old? (Score:5, Insightful)

        by LilGuy ( 150110 ) on Friday March 30, 2007 @09:02AM (#18542687)
        If it were true that this was exploited for years, why would it come out now? Has something even better been found and thus this one can be trashed?
        • Re: (Score:2, Interesting)

          by ergo98 ( 9391 )

          If it were true that this was exploited for years, why would it come out now?

          Someone got too greedy? They targeted a rare individual that was more vigilant about their machine?
        • Re:This old? (Score:4, Informative)

          by fuzz6y ( 240555 ) on Friday March 30, 2007 @11:23AM (#18544749)
          Because one of the "good guys" finally found it and reported it. The "bad guys" weren't ever going to squeal.
      • That's true, but it's true of any exploit list. After all, how would the list maintainers know if something were secretly being exploited for years?

        • That's true. My point wasn't specific to Microsoft. I just used them because they're the subject of the post and such an easy target. ;)
      • This is a perfect example of how using Microsoft's official list of exploits is a mostly meaningless metric to determine how secure the OS really is. It gives no indication of security holes being secretly exploited for years.
        That goes for the UNIXes as well.
    • Re: (Score:3, Insightful)

      by rbochan ( 827946 )
      A decade ago it was screensavers... you've come a long way baby...

    • It could pay very well to keep ploits such as this one silent for as long as possible.

      What makes you think they didn't?

    • Re:This old? (Score:4, Informative)

      by alexhs ( 877055 ) on Friday March 30, 2007 @09:18AM (#18542873) Homepage Journal
      Also this is not the first flaw affecting animated cursors. I remember having read about that a few years ago. Googling "animated cursor flaw" gets me to 2004-12-29 [windowsitpro.com].
      So, their problems with animated cursors are really old, back to the NT 4 era.
  • Oblig. (Score:3, Funny)

    by zlogic ( 892404 ) on Friday March 30, 2007 @08:50AM (#18542531)
    In Soviet Russia, cursors pwn you!
    • Unfortunately, since cursors pwn you in the US, the statement must be revised (rather ironically) to:

      In Soviet Russia, you pwn cursors!

      See, since that doesn't exactly work with the other Soviet Russia jokes, there's no reason to post it here. You pwn cursors and cursors pwn you in the US. Now, if we replaced cursors with mice and you with your food, then we have a more appropriate USSR joke.
    • In Soviet Russia, cursors pwn you!

      Correction: In Soviet Russia, you pwn cursors! So you might want to live in Soviet Russia... Sorry.
  • by neoform ( 551705 ) <djneoform@gmail.com> on Friday March 30, 2007 @08:51AM (#18542539) Homepage
    >Solution: Do not browse untrusted sites or view untrusted e-mails.

    Nice, so basically I'm not supposed to read any emails from people I don't know. Sounds like a viable solution.
    • Re: (Score:2, Informative)

      by penp ( 1072374 )
      If you read the link [microsoft.com] to Microsoft's advisory about the exploit, it sounds like you're not even supposed to trust email from people you do know.

      As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.

      On top of that, if you read further it starts to sound like a scheme they're using to try to sell more copies of Windows Vista.

      Mitigating Factors for Animated Cursor Vulnerability

      Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode. For more information on Internet Explorer Protected Mode see the following Web Site.

      By default, Outlook 2007 uses Microsoft Word to display e-mail messages which protects customers from the HTML e-mail preview and attack vector.

      Who needs animated cursors, anyway?

    • by Yvan256 ( 722131 )
      And since you can fake web adresses (at least for Internet Explorer) and fake email adresses (nobody is immune), you can't do anything at all.

      The real solution is to disconnect your computer from teh intarweb.

    • by ehaggis ( 879721 ) on Friday March 30, 2007 @09:28AM (#18543017) Homepage Journal
      Don't use a cursor, just guess where your mouse is pointing.
  • I though Vista was supposed to be the most secure OS ever. But animated mouse icons? I wonder what part of protected memory microsoft doesn't understand. It is probable due to some speedup fix so it can beat the benchmark tests. Normal use we don't see a problem but sacrifice security so it can beat the benchmark tests so it can say it is faster.
    • by cnettel ( 836611 )
      Let me ask a counter-question: What part of a user-mode exploit don't you understand? What I want to know is to what degree the reduced privileges of IE in Vista (confusingly also called "protected mode") makes direct exploitation of this harder.
      • Protected memory should prevent memory from each object from interfearing with each other. Not by user. User Mode security is just as bad as system level. Except it just doesn't have full access. But the bulk of your important information is accessable via your user account. The mouse images and animation should be in its own seporate memory block that can only be accessed via controled input calls. When the input is given it then should be checked to insure the format is sane. Finally this control shou
        • by cnettel ( 836611 )
          Ok, but then you don't only ask for protected memory, but a microkernel and lots of server processes. Changing page tables on the fly to do this, while keeping the number of processes low, is completely unthinkable on current architectures. As we have no actual production OS even close to the granularity you're requesting here, the question is not what part of protected memory MS doesn't understand. In this case, they understand, and use it, in pretty much the same way as "everyone" else. (If it had actuall
    • by rajafarian ( 49150 ) on Friday March 30, 2007 @09:29AM (#18543043)
      I though Vista was supposed to be the most secure OS ever.

      Nope. I watched their lips and every time they said, "Vista will be the most secure Microsoft operating system ever."

      I think this was carefully worded by them so they could say it with an honest face.
  • by bubbl07 ( 777082 ) on Friday March 30, 2007 @08:52AM (#18542565) Homepage
    From a McAfee Avert Labs blog article:

    Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.
    Moral of the story: don't use the IE rendering engine for cursors by avoiding using the IE web browser and by not using untrusted animated cursors in Windows.
    • Re: (Score:2, Informative)

      by bubbl07 ( 777082 )
      My apologies, article here [avertlabs.com].
    • Isn't it great how Microsoft's suggested workarounds only say "View E-Mail in plain-text, don't visit untrusted sites" (even though they claim beforehand an attacker might also try to hijack trusted sites to deliver the exploit).

      Guess they can't write the obvious, "Use an alternative browser and/or email client.". Hah, what a Dubya-ian world they're living in.

      So I'm assuming the way to exploit it is with CSS's cursor [w3schools.com] property:
      cursor: url('some-bad-file.ani');
      I'm guessing Firefox has its own animated cursor
  • by 140Mandak262Jamuna ( 970587 ) on Friday March 30, 2007 @08:56AM (#18542605) Journal
    Well, one can understand programmers making stupid mistakes, and creating vulnerabilities. And everytime you add features, whether it is important or just bells and whistles, you always run the risk of opening up another vulnerabilities. Granting all that, why is it that, in 2007, after Vista, with "Security is Job 1 in MSFT", why does a vulnerability in a browser goes all the way up to executing arbitrary code? Browsers are expected to get data from untrustable sites, they should have heavy armour protection. Why the users are putting up with this nonsense?

    Some stupid consumer protection council reports that some part of some toy can come apart and present a choking hazard to children. "As many as 3 children could have died over the last 10 years because of this!" Suddenly all news organizations act as though the sky has fallen, and on slow news day, it is even the lead story! Here we have a hazard that could get your machine rooted and pwned and steal your password and sell it in the organized crime networks, ... and the world reacts with a collective shrug.

    Sorry, for the rant, I know I am preaching to the choir, just need to get it off my chest.

    • Microsoft's advisory claims that IE7 in protected mode isn't vulnerable.
  • by straponego ( 521991 ) on Friday March 30, 2007 @08:57AM (#18542609)
    ...install an animated cursor in the first place? Okay, besides the CEO.
    • by Torodung ( 31985 )
      Actually, it's pretty useful for the "wait" cursors, because you can tell if the system has crashed or is stuttering badly. I use it for both the "Working in background" and "Busy" signs. If the hourglass stops moving, and sometimes it does, even if mouse control still works, you know you're waiting for nothing. It was more useful with Windows 95 and 98, but I still use it in XP.

      (Actually, I use a set of modified Mac OS 8 icons, including black arrows and the classic "watch" icon, but I use hourglasses here
    • Re: (Score:3, Insightful)

      I'll own up and admit to having used exclusively animated cursors in the past... but then again, I was a mouthbreathing teenager in the mid 1990s with my first Pentium. I also had Star Trek WAVs hooked to all my Windows events, ran After Dark's screensaver app at all times, used any excuse to look things up Compton's Interactive Encyclopedia CD-ROM, and obsessively hoarded Voyager publicity photos from Compuserve. A few blinky wiggly pointers shaped like phasers and lightsabers were the least of my crimes
    • Re: (Score:3, Funny)

      ...install an animated cursor in the first place? Okay, besides the CEO.

      My cursor is a big punching glove. It makes hitting that damn monkey that much easier...
    • Re: (Score:3, Informative)

      What kind of mouthbreather would even install an animated cursor in the first place?

      I'm not sure that's really the problem. Wouldn't either of those articles have listed it as a workaround if so? I think this is the actual problem:

      With Microsoft Internet Explorer 6 or 7 you can use your own animated or static cursor on your webpage instead of the standard system cursor. All you have to do is add a little code to your HTML-documents or the CSS-stylesheet and upload the cursor file (*.ani or *.cur) to the w

  • by roman_mir ( 125474 ) on Friday March 30, 2007 @08:57AM (#18542613) Homepage Journal
    Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker. - <sarcasm>well, we all know not to open specially crafted e-mail messages and attachments.</sarcasm>

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. - I can give an advice even without an expensive investigation. Do not use MS IE, do not use MS Outlook, do not allow animated anything on your desktop and probably the best thing to do is to finally just plain not to use MS, but in many cases it is not an option.

    Really, who uses animated anything on their desktops? It is always a performance hit. I completely disable all active desktop features immediately before using a computer with MS Windows installed. Turn off all animations, turn off 'show content while dragging window' option, switch to 'classic' look for the look of the Explorer, make sure that there are no thumbnails, switch to 'details' in the Explorer, make sure to show extensions on all files, make sure to apply to all folders and turn of 'Remember each folder settings' option.

    I am not certain that this will prevent this particular problem, but not using IE and Outlook most likely would (while using other email clients do not allow active content to execute and do not trust attachments ever.) It's a real pain, it would be much better to run MS Windows in a virtual machine on GNU/Linux (VMWare I suppose.)
    • by rbochan ( 827946 ) on Friday March 30, 2007 @09:11AM (#18542805) Homepage

      ...Really, who uses animated anything on their desktops? It is always a performance hit. I completely disable all active desktop features immediately before using a computer with MS Windows installed...

      That's fine for you, but have you seen an average consumer machine recently? Everything from animated wallpaper to rotating slide shows to OMGPONIES!!!!!! themes get installed - usually via Active X.
      You _are not_ the average user - the statement you made above proves that. The 'average joe' thinks his computer is appliance, like a toaster, because Bill Gates tells him it is.

      • Re: (Score:3, Funny)

        Everything from animated wallpaper to rotating slide shows to OMGPONIES!!!!!! themes get installed

        We're two days away from April 1st, let us enjoy these days while we can...

    • Re: (Score:3, Informative)

      do not allow animated anything on your desktop

      I'm not sure that's really the solution. Wouldn't either of those articles have listed it as a workaround if so? I think this is the actual problem:

      With Microsoft Internet Explorer 6 or 7 you can use your own animated or static cursor on your webpage instead of the standard system cursor. All you have to do is add a little code to your HTML-documents or the CSS-stylesheet and upload the cursor file (*.ani or *.cur) to the webserver.

      http://www.anicursor.com/web

  • It would seem that any remotely defined cursor could be used maliciously by displacing the hotpoint relative to the cursor graphic and encouraging the user to click on something "safe" when the real hot spot for the click is elsewhere over something untrustworthy.
  • by Rastignac ( 1014569 ) on Friday March 30, 2007 @08:58AM (#18542631)
    Our security expert, Jackson M., just tolds us:
    " So, ANI are you ok ? Are you ok ANI ?
        You've been hit by... you've been hit by... a smooth criminal ! "
  • by Anonymous Coward on Friday March 30, 2007 @09:01AM (#18542665)
    A workaround for this is to install some quality cursors.
    I use the comet cursor package that installed itself automatically when I browsed the web.
    It has some great cursors and loads of other features that make using Windows far more entertaining.

    I have not been able to remove or alter the comet cursor package since it installed itself, so I think it will protect very well against other cursors getting installed on my computer.
  • by xactuary ( 746078 ) on Friday March 30, 2007 @09:11AM (#18542811)
    Cursors? Foiled again!

  • by Anonymous Coward on Friday March 30, 2007 @09:24AM (#18542955)
    [Cancel] or [Allow]?
  • thursdays update killed my system. every window scrolls up and down at 1000 mph. you can't click anything at all. so who cares about an animated cursor -- i need to stop the animated window. oh, i'd like to get my shift keys working again too. they are now backup to previous window keys. thanks microsoft
  • Caution (Score:5, Informative)

    by Alioth ( 221270 ) <no@spam> on Friday March 30, 2007 @09:29AM (#18543039) Journal
    If you think you're not vulnerable because you won't be downloading an animated cursor, or you're not vulnerable because you have AV software, read this:

    http://www.secureworks.com/research/threats/gozi/ [secureworks.com] ...which has a similar infection vector (by merely visiting a web page you get infected), and went undetected for 54 days.

    This latest silent exploit, which can be used by merely visiting a web page, will be used for other similar attacks.

    • Near as I can tell, this doesn't take you downloading an animated cursor. There's IE-specific CSS code that allows you to replace the cursor in IE. You can't turn it off. If only MS had added that as an option, we'd at least have a workaround.
  • I'm sure that those "free animated george bush cursors" ads that pop-up when I'm surfing around are safe from this, right?
  • Processes you can understand having exploits, no coders are perfect. But how the hell have they exposed the underlying cursor API/buffer so that someone can make an exploit out of it except via some idiotic and stupid design decision?? This really beggars belief. If the even the cursor is vulnerable is there *anything* that can be trusted to be secure on a windows PC apart from the OFF switch?
  • by illegalcortex ( 1007791 ) on Friday March 30, 2007 @09:59AM (#18543473)
    For those people saying "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:

    body {cursor: url('cursor.ani');}
    <BODY style="CURSOR: url('cursor.ani')">
    <BODY style="CURSOR: url('http://www.example.com/cursor.ani')">

    You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified .ANI file which exploits the hole in IE.

    I am almost positive there is no way to disable this in IE.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday March 30, 2007 @10:04AM (#18543553)
    Comment removed based on user account deletion
  • It boggles the mind that (fully patched) XP, IE7, and Vista are still vulnerable to buffer overflow attacks. It's 2007 for god's sake, not 1987.

    Any use of a stack-based static-sized buffer should have thrown up huge red flags during code review. To have unchecked use of a static buffer make its way into production code is inexcusable in this day and age, particularly at Microsoft.
  • Ah yes (Score:3, Insightful)

    by loconet ( 415875 ) on Friday March 30, 2007 @10:25AM (#18543849) Homepage
    Although I use Linux exclusively at home/work, here I am, silly fool, giving the benefit of the doubt to Vista and its "enhanced security". I've always been aware IE's ability to create holes in the most unrelated portions of the OS (cursor, help pages, etc) and yet, I thought that Vista, maybe, just maybe actually was worth its 5+years of development and it was not all spent in DRM crap. How foolish of me. Here is yet again another seemingly unrelated functionality affected by the disaster that is IE. I will not be surprised if tomorrow IE can make your desk lamp vulnerable.
  • Don't worry ! (Score:4, Insightful)

    by udippel ( 562132 ) on Friday March 30, 2007 @11:03AM (#18544393)
    The Microsoft Advisory - whom we all trust - shows that the fuzz here in /. is unnecessary.
    RTMF (Read The Mitigating Factors) !:

    In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker could also attempt to compromise a Web site to have it serve up a Web page with malicious content attempting to exploit this vulnerability. An attacker would have no way to force users to visit a Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site or a site compromised by the attacker.

    An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


    See, much ado about nothing !:
      - the attacker would have to host a web site [surely, they couldn't, could they !]
      - the attacker could compromise a web site [probably they would not know how to, would they !]
      - the attacker has no way to force the user to visit a specific website [see !]
    Especially the latter gave me complete relief and peace of mind ! I can't be forced, that means I am as good as safe ! Yahoo !
      - the attacker would need to persuade us [just told my wife not to answer the phone or door bell]

    Not running my web browser as administrator [I don't] seriously limits the potential damage, thanks to Vista's unique feature of unprivileged user accounts.

    Thanks, Microsoft, for an informative advisory; and a comprehensive and clear list of mitigating factors !
    Thanks, Microsoft, for debunking so-called "extremely critical" vulnerabilities as myth, again !

  • Boy... (Score:4, Funny)

    by Zebra_X ( 13249 ) * on Friday March 30, 2007 @12:04PM (#18545393)
    Sure am glad I just upgraded to Vista and Office 2007:

    Mitigating Factors for Animated Cursor Vulnerability

      Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode. For more information on Internet Explorer Protected Mode see the following Web Site.

      By default, Outlook 2007 uses Microsoft Word to display e-mail messages which protects customers from the HTML e-mail preview and attack vector.

    I think the important thing here to note is that MS is actually delivering on it's promise to deliver a more secure OS and set of applications for users.

Keep up the good work! But please don't ask me to help.

Working...