Cursor flaw exposes Windows to malicious code threat

Flaw exposed, with no fix available, whereby malicious code can be installed under the guise of an animated cursor.

Multiple versions of Windows are at risk from a recently discovered security hole, whereby malicious code can find its way onto systems via cursor and icon customisation options.

Microsoft has already posted a security advisory detailing the issue, as well as updating its OneCare security software for consumers in an attempt to minimise the problem ahead of a long-term fix.

The advisory says all of Microsoft's supported versions of Windows for the desktop are affected, from Windows 2000 SP4 to Vista as well as versions of Windows Server 2003.

The affected software performs 'insufficient format validation prior to rendering cursors, animated cursors, and icons'. An attacker can create a web page or embedded email and by persuading a target to view that content could install malicious code on the system.

McAfee says Vista is only vulnerable to a denial of service attack. Microsoft's own investigation has discovered that users of Outlook 2007 are protected against the attack, as are users of Windows Mail on Vista as long as users do not forward or reply to the attacker's email. Outlook Express users are vulnerable, even if they are only viewing mail in text.

Microsoft describes the attacks as 'targeted and not widespread,' although McAfee has discovered many compromised servers hosting the exploit code for this .ani vulnerability. 'Googling the referenced script yields 113,000 results. It's likely that most of those sites were compromised through SQL injection vulnerabilities. Of course many of these sites have been cleaned up, malicious references removed, but not all,' it says.

While OneCare users are protected, users of other security software will be updated as new attacks are discovered. Some users may already be protected. According to F-Secure, 'A sample that is possibly related to this has been obtained and is detected as Exploit:W32/Ani.C since update 2007-03-29_09. This sample downloads a copy of a Trojan that has already been detected as Trojan-Downloader.Win32.Small.ELA.'

Symantec too says its users remain protected. 'So far, Security Response has received only a handful of submissions of the exploit. Currently, all samples have been detected as either Downloader or Trojan.Anicmoo. The submitted files are generally .ani files from malicious Web sites that have been renamed with a .jpg extension,' it says.

Microsoft suggests reading email only in plain text, ensuring firewall and security software is up to date, keep Windows updated and treat all file transfers with suspicion.

Microsoft says it will be necessary to issue a security update, although it is not yet clear whether this will be within the normal monthly parameters or an out of cycle release.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021