Microsoft issues emergency Windows patch

Microsoft has released an update that fixes seven separate Windows vulnerabilities, all of which were rated "critical" by the software giant. As expected, the release patches the way Windows processes .ani Animated Cursor files – Microsoft decided to break its patch cycle because attackers were finding more ways to exploit the flaw in its Windows operating system. Microsoft was first notified of the flaw in December 2006 by security vendor Determina. "I have no idea why they didn't do this earlier," said Nand Mulchandani, Determina's vice president of marketing.

Windows users are strongly encouraged to install the patch because the .ani flaw can be used to exploit computers running virtually any version of Windows, including Vista, even if they are running non-Microsoft browsers like Firefox and Opera, Mulchandani said. "We have more than 400 different URLs identified and related to attacks, and multiple e-mails have been sent out that direct people back there. We have proof that organized groups are now launching attacks," said Ken Dunham, director of malicious code intelligence with iDefense. Exploit code for the flaw has now been added to the widely used Metasploit hacking tool, and there are automated malicious Web site generation tools available, he added.

Link: Forum Discussion (Thanks JorgeIvan)
News source: InfoWorld

Report a problem with article
Previous Story

Samurize 1.64.3 Final

Next Story

EarthDesk 4.0

19 Comments

Commenting is disabled on this article.

i installed it just now and it rebooted my system and upon booting it said something about user32.dll being moved into the memory.

Son of a...
Well, that's good to know; I bunged an extra 2GB of RAM in my box just before WU downed the update and that error got me worried...

edit: why validation is required I'd love to know, seeing as it's their freely available patch that caused the problem

I still cant see why we cant have a "download as they're released" system, where they can be downloaded via WU as soon as theyre done.

i dont see the need for "patch tuesday"

There is a very good reason for "patch Tuesday". I don't know about you but many network administrators and people like me do not like to reboot systems every other day for a patch that just got released.

This used to be the system that MS went with but opted for a monthly system that's more predictable so we know on a given Tuesday to expect some updates.

There is a Microsoft mailing list that one can subscribe to get to advanced warning of what updates are comming up and also this is an emergency update that was released outside the 2nd Tuesday of the month cycle that is known as patch Tuesday.

Nothing's bug free :P (with the possible exception of some space shuttle stuff )
But... linux bugs tend not to be able to take out your entire PC.
(Disclaimer: written from a laptop running XP SP2. Not trying to troll, just trying to say what the last guy seemingly couldn't. )

It was a joke MJ ;). If you want to call it trolling, that's fine. I consider it being a "squeaky wheel". My goal is to get the attention of people that can change problems I see in my industry (not other posters)... in particular, Microsoft. They are the largest provider of tools that we use.