Monday, April 2, 2007

ANI Vulnerability update: MS official patch tomorrow

Looks like Microsoft will be releasing a fix for the ANI (mouse animated cursor) vulnerability a week early. Tomorrow in fact . . . assuming the patch passes testing today.

"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.

I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know."

If any of you installed the 3rd party patch released Friday by eEye to mitigate this exploit, and you choose to install the MS patch tomorrow ( I highly recommend using the supported MS patch when it becomes available to prevent future compatibility problems ) then there are extra steps you need to make before updating.


1) Close all programs, especially email programs and all browsers.

2) UN-install the "eEye Digital Security .ANI Zero-Day Patch" (Control Panel >> Add / Remove Programs)

3) Reboot

4) Use Windows Update Services (IE Browser, Tools >> Windows Update) and get the new patch.

5) Reboot.

IMPORTANT: It's advisable that users refrain from checking email or surfing the web between the time they uninstall the 3rd party patch and install the Microsoft patch.