[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

The Media Flips Over Tulsi & Matt Gaetz, Biden & Trump Take A Pic, & Famous People Leave Twitter! 4 arrested in California car insurance scam: 'Clearly a human in a bear suit' Silk Road Founder Trusts Trump To 'Honor His Pledge' For Commutation "You DESERVED to LOSE the Senate, the House, and the Presidency!" - Jordan Peterson "Grand Political Theatre"; FBI Raids Home Of Polymarket CEO; Seize Phone, Electronics Schoolhouse Limbo: How Low Will Educators Go To Better Grades? BREAKING: U.S. Army Officers Made a Desperate Attempt To Break Out of The Encirclement in KURSK Trumps team drawing up list of Pentagon officers to fire, sources say Israeli Military Planning To Stay in Gaza Through 2025 Hezbollah attacks Israeli army's Tel Aviv HQ twice in one day People Can't Stop Talking About Elon's Secret Plan For MSNBC And CNN Is Totally Panicking Tucker Carlson UNLOADS on Diddy, Kamala, Walz, Kimmel, Rich Girls, Conspiracy Theories, and the CIA! "We have UFO technology that enables FREE ENERGY" Govt. Whistleblowers They arrested this woman because her son did WHAT? Parody Ad Features Company That Offers to Cryogenically Freeze Liberals for Duration of TrumpÂ’s Presidency Elon and Vivek BEGIN Reforming Government, Media LOSES IT Dear Border Czar: This Nonprofit Boasts A List Of 400 Companies That Employ Migrants US Deficit Explodes: Blowout October Deficit Means 2nd Worst Start To US Fiscal Year On Record Gaetz Resigns 'Effective Immediately' After Trump AG Pick; DC In Full Blown Panic MAHA MEME noone2222 and John Bolton sitting in a tree K I S S I N G Donald Trump To Help Construct The Third Temple? "The Elites Want To ROB Us of Our SOVEREIGNTY!" | Robert F Kennedy Take Your Money OUT of THESE Banks NOW! - Jim Rickards Trump Taps Tulsi Gabbard As Director Of National Intelligence DC In Full Blown Panic After Trump Picks Matt Gaetz For Attorney General Cleveland Clinic Warns Wave of Mass Deaths Will Wipe Out Covid-Vaxxed Within ‘5 Years’ Judah-ism is as Judah-ism does Danger ahead: November 2024, Boston Dynamics introduces a fully autonomous "Atlas" robot. Robot humanoids are here. Trump names [Fox News host] Pete Hegseth as his Defense secretary

Science/Tech
See other Science/Tech Articles

Title: Attacks Escalate As Microsoft Announces Emergency .ANI Patch
Source: informationweek.com
URL Source: http://www.informationweek.com/news ... icle.jhtml?articleID=198701798
Published: Apr 5, 2007
Author: RickyJ
Post Date: 2007-04-05 00:40:17 by RickyJ
Keywords: Enough, Already!
Views: 146
Comments: 9

Attacks Escalate As Microsoft Announces Emergency .ANI Patch

Microsoft is getting ready to release an off-cycle patch Tuesday for the bug that has spawned more than 100 malicious sites and a worm over the last few days.

By Sharon Gaudin InformationWeek

April 2, 2007 12:03 PM

Microsoft is releasing an off-cycle patch Tuesday for the .ANI vulnerability that saw an escalating number of threats appearing over the weekend.

"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat," Christopher Budd, security program manager at Microsoft's Security Response Center, wrote in a blog Sunday. "Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday, April 3, 2007."

Budd added that Microsoft's technicians will be testing the patch, which will be released on an 'as is' basis with no warrantees, right up until its release. It's possible, he noted, that they will find an issue that will force the release to be delayed.

The amount of attacks against the vulnerability intensified over the weekend, according to F-Secure, which noted that the first worm using the exploit was discovered roaming the Internet on Sunday. "We've seen a lot of activity relating to the .ANI exploit during the weekend," said Mikko Hypponen, chief research officer at F-Secure, in an e-mail to InformationWeek. "This vulnerability is really tempting for the bad guys. It's easy to modify the exploit, and it can be launched via Web or e-mail fairly easily."

Websense Security Labs reported that researchers there now are monitoring more than 100 Web sites that are spreading the .ANI zero-day exploit. Proof-of-concept code also is in the wild.

"Currently, the majority of the attacks appear to be downloading and installing generic password-stealing code," Websense reported on its blog. "Most sites are hosted in China. Interestingly, the most popular domain space being used is .com."

The .ANI vulnerability lies in the way Windows handles malformed animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all the recent Windows releases, including its highly-touted Vista operating system. Internet Explorer is the main attack vector for the exploits.

"In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability, view a specially crafted e-mail message, or open a specially crafted e-mail attachment sent to them by an attacker," Adrian Stone, a Microsoft researcher, said in a blog. "While the attack appears to be targeted and not widespread, we are monitoring the issue and will update the advisory and blog as new information becomes available."

Last Friday, eEye Digital Security released a patch designed to prevent the latest exploit from working.

The Zeroday Emergency Response Team (ZERT) also released a patch "which addresses the core of the vulnerability, by ensuring that no more than 36 bytes of an "anih" chunk will be copied to the stack buffer, thus eliminating all potential exploit paths while maintaining compatibility with well-formatted animated cursor files." The patch is available for Microsoft Windows 98, 2000, XP, Server 2003, and Vista.

The Internet Storm Center is advising users that this is an unofficial patch and should be removed when Microsoft releases its own patch.

Post Comment   Private Reply   Ignore Thread  

Begin Trace Mode for Comment # 5.

#1. To: All (#0)

I have had enough of MS and the supposed security they have touted for their Operating Systems. A new "bug" has been found that allows a remote user to take control of a users computer and do as they please. Enough! I use to think it was just a case of incompetence on the part of some of MS employees, now I think it is deliberate and I am furious. I have little doubt MS is working with the government to spy on Americans and I am threw using their software on my home computer. I should have switched to Linux sooner but I make a living writing applications for Windows and I never had the time to switch. Now I am making the time, enough is enough!

RickyJ  posted on  2007-04-05   0:47:16 ET  Reply   Untrace   Trace   Private Reply  

I used PC's for years, and kept hoping that Microsoft would finally straighten up and release a decent OS. My last PC had ME pre-installed. That was enough to send me running screaming into the Apple camp, where I've been ever since. OS X is a very decent OS, and I'm very happy with my Apple computers.

Elliott Jackalope  posted on  2007-04-05   0:56:45 ET  Reply   Untrace   Trace   Private Reply  

One Word... Macintosh.

wakeup  posted on  2007-04-05   1:45:40 ET  Reply   Untrace   Trace   Private Reply  

        There are no replies to Comment # 5.

End Trace Mode for Comment # 5.

Top • Page Up • Full Thread • Page Down • Bottom/Latest

[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]