Saturday, March 31, 2007

ANI vulnerability: Windows Zero Day attack

The last few days saw the discovery of another very serious exploit that takes advantage of a bug in the way Windows XP, Vista and 2003 and Outlook handle animated mouse cursors. A longer list of all vulnerable products is available here. Microsoft has no fix available yet.

As of at least yesterday (and probably longer), researchers have found numerous web sites that are delivering malicious Trojans via this vector. Craig Schmugar at McAfee reports that this includes some fairly popular and supposedly trustworthy sites like the Dolphins Superbowl site, which is compromised and forwards visitors to non-trusted servers.

So far the best advice is to completely turn off email previewing in all versions of Outlook and Outlook Express, to help mitigate infection via spam. Don't open any spam, especially unexpected emails with attachments. And finally, don't visit infected websites - which raises the question of how we would know a site is infected.

Until a patch is available, be extra careful!