
Title: Attacks Escalate As Microsoft Announces Emergency .ANI Patch
Source: informationweek.com
URL Source: http://www.informationweek.com/news ... icle.jhtml?articleID=198701798
Published: Apr 5, 2007
Author: RickyJ
Post Date: 2007-04-05 00:40:17 by RickyJ
Keywords: Enough, Already!
Views: 204
Comments: 9

Attacks Escalate As Microsoft Announces Emergency .ANI Patch

Microsoft is getting ready to release an off-cycle patch Tuesday for the bug that has spawned more than 100 malicious sites and a worm over the last few days.

By Sharon Gaudin InformationWeek

April 2, 2007 12:03 PM

Microsoft is releasing an off-cycle patch Tuesday for the .ANI vulnerability that saw an escalating number of threats appearing over the weekend.

"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat," Christopher Budd, security program manager at Microsoft's Security Response Center, wrote in a blog Sunday. "Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday, April 3, 2007."

Budd added that Microsoft's technicians will be testing the patch, which will be released on an 'as is' basis with no warranties, right up until its release. It's possible, he noted, that they will find an issue that will force the release to be delayed.

The number of attacks against the vulnerability intensified over the weekend, according to F-Secure, which noted that the first worm using the exploit was discovered roaming the Internet on Sunday. "We've seen a lot of activity relating to the .ANI exploit during the weekend," said Mikko Hypponen, chief research officer at F-Secure, in an e-mail to InformationWeek. "This vulnerability is really tempting for the bad guys. It's easy to modify the exploit, and it can be launched via Web or e-mail fairly easily."

Websense Security Labs reported that researchers there now are monitoring more than 100 Web sites that are spreading the .ANI zero-day exploit. Proof-of-concept code also is in the wild.

"Currently, the majority of the attacks appear to be downloading and installing generic password-stealing code," Websense reported on its blog. "Most sites are hosted in China. Interestingly, the most popular domain space being used is .com."

The .ANI vulnerability lies in the way Windows handles malformed animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all the recent Windows releases, including its highly-touted Vista operating system. Internet Explorer is the main attack vector for the exploits.

"In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability, view a specially crafted e-mail message, or open a specially crafted e-mail attachment sent to them by an attacker," Adrian Stone, a Microsoft researcher, said in a blog. "While the attack appears to be targeted and not widespread, we are monitoring the issue and will update the advisory and blog as new information becomes available."

Last Friday, eEye Digital Security released a patch designed to prevent the latest exploit from working.

The Zeroday Emergency Response Team (ZERT) also released a patch "which addresses the core of the vulnerability, by ensuring that no more than 36 bytes of an "anih" chunk will be copied to the stack buffer, thus eliminating all potential exploit paths while maintaining compatibility with well-formatted animated cursor files." The patch is available for Microsoft Windows 98, 2000, XP, Server 2003, and Vista.

The Internet Storm Center is advising users that this is an unofficial patch and should be removed when Microsoft releases its own patch.
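The 36-byte bound on the "anih" chunk described above can be checked on a file before anything renders it. The following is an added example, not code from the article, ZERT or Microsoft: it assumes the standard RIFF container layout (4-byte chunk id, 4-byte little-endian size, even padding), and the function names and the sample file are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ANIH_SIZE 36u /* bytes in a well-formed "anih" header (figure from the article) */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bounded copy: at most 36 bytes reach the fixed-size buffer (hypothetical helper). */
size_t copy_anih(uint8_t dst[ANIH_SIZE], const uint8_t *data, uint32_t declared, size_t avail) {
    size_t n = declared < ANIH_SIZE ? declared : ANIH_SIZE;
    if (n > avail) n = avail;
    memcpy(dst, data, n);
    return n;
}

/* Walk the top-level RIFF chunks. Returns the number of "anih" chunks that declare
   more than 36 bytes, or -1 for a non-RIFF/ACON buffer or a truncated chunk. */
int count_oversized_anih(const uint8_t *buf, size_t len) {
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "ACON", 4)) return -1;
    size_t off = 12; int bad = 0;
    while (off + 8 <= len) {
        uint32_t size = rd32le(buf + off + 4);
        if (!memcmp(buf + off, "anih", 4) && size > ANIH_SIZE) bad++;
        if (size > len - off - 8) return bad ? bad : -1; /* chunk runs past the data */
        off += 8 + (size_t)size + (size & 1);             /* chunks are padded to even length */
    }
    return bad;
}

/* Constructed sample: RIFF/ACON container with one zero-filled "anih" chunk. */
size_t make_sample(uint8_t *out, uint8_t declared) {
    size_t total = 12 + 8 + (size_t)declared;
    memset(out, 0, total);
    memcpy(out, "RIFF", 4); out[4] = (uint8_t)(total - 8); out[5] = (uint8_t)((total - 8) >> 8);
    memcpy(out + 8, "ACON", 4);
    memcpy(out + 12, "anih", 4); out[16] = declared;
    return total;
}

int main(void) {
    uint8_t file[300], hdr[ANIH_SIZE];
    size_t n = make_sample(file, 80); /* declares 80 bytes where 36 are expected */
    printf("oversized anih chunks: %d, bytes copied: %zu\n",
           count_oversized_anih(file, n), copy_anih(hdr, file + 20, 80, n - 20));
    return 0;
}
```

A mail or web gateway could run a check like `count_oversized_anih` on cursor files and reject any with a non-zero result, while the clamp in `copy_anih` shows why a well-formed 36-byte header is unaffected by the bound.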


#1. To: All (#0)

I have had enough of MS and the supposed security they have touted for their Operating Systems. A new "bug" has been found that allows a remote user to take control of a user's computer and do as they please. Enough! I used to think it was just a case of incompetence on the part of some of MS employees, now I think it is deliberate and I am furious. I have little doubt MS is working with the government to spy on Americans and I am through using their software on my home computer. I should have switched to Linux sooner but I make a living writing applications for Windows and I never had the time to switch. Now I am making the time, enough is enough!

RickyJ  posted on  2007-04-05   0:47:16 ET


#7. To: RickyJ (#1)

eNOUGH!

I'm going to take one of my old 500 processor computers out of the closet, back up all of the programs I have on it that I like as well as my photos etc, then I'm going to reformat and install open source Linux so if I screw up, I won't wreck this XP machine. I'll let you know how I make out..

IndieTX  posted on  2007-04-05   3:03:35 ET


#8. To: IndieTX (#7)

I'm going to take one of my old 500 processor computers out of the closet, back up all of the programs I have on it that I like as well as my photos etc, then I'm going to reformat and install open source Linux so if I screw up, I won't wreck this XP machine. I'll let you know how I make out..

I have my XP pro installation backed up daily, wouldn't have it any other way with all of the holes Windows has, don't want to ever lose any data again like I did when MS Blaster hit in 2003. I was mad at myself for not being properly protected from that virus, but I should have been mad at MS for leaving such extreme security holes open in the first place, and MS Blaster was an extremely bad virus, at least it was for me. I lost a whole HD worth of data, with most of my school projects on it. I had no backup so the loss was complete. Doesn't really matter, I didn't learn much in school that I didn't already know anyway.

I am going to use Norton's Partition Magic to partition my hard drive so I can dual boot either XP pro, or Linux Ubuntu. I can't completely get away from MS yet, at least not until I have a job writing software for Linux, but I will use it for general surfing the net and I am looking forward to learning more about it.

RickyJ  posted on  2007-04-05   4:07:19 ET



#9. To: RickyJ (#8)

Another option to dual boot is a hosted operating system. http://vmware.com offers software that lets you run a "guest" operating system, like windoz, on a linux system so you can switch from one to the other with both running simultaneously. It does put a load on the computer so I wouldn't bother with it with less than a 2 ghz system and 512 meg ram, but it does work.

win4lin is another provider for dual OS systems, but last I checked they were not up to snuff on hosting XP/2000 and above, but it is much cheaper. (Vmware is one or 2 hundred).

Neil McIver  posted on  2007-04-05 11:22:49 ET

