Microsoft rushes out animated cursor security fix

By JorgeIvan
in Back Page News

 Share

Recommended Posts

Grand Master

JorgeIvan

Posted
Posted

Microsoft is to issue an out-of-cycle patch tomorrow for a flaw it revealed last week concerning how Windows treats animated cursor files.

The vulnerability occurs in Windows Vista, Windows 2000 SP4, Windows XP SP2 and some versions of Windows Server 2003.

It can be exploited via email and via websites running the malicious code. Attacks based on the flaw have risen sharply since its discovery last week.

Microsoft had planned to release the patch as part of its monthly update due on 10 April, but the increase in exploits has prompted the firm to release the patch a week early.

Christopher Budd, a security programme manager at Microsoft, said on the company's Security Response Centre Blog: "Over this weekend attacks against this vulnerability have increased somewhat."

"Due to the increased risk to customers, we were able to expedite our testing to ensure an update for broad distribution sooner than 10 April."

Microsoft claimed that the attacks and customer impact are "limited", but is encouraging users to download the patch as soon as it is made available.

Two unofficial patches have already been released to fix the bug, one from eEye Digital Security and one from the Zeroday Emergency Response Team.

Microsoft said that it is working with law enforcement officers to track down attackers.

http://www.vnunet.com/vnunet/news/2186975/...rushes-animated

Community Regular

Joe User 99

Posted
Posted

It's already here.

Microsoft Security Bulletin MS07-017

Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

Direct Download Links:

Windows 2000 SP4

Windows XP SP2

Windows XP X64

Windows Server 2003

Windows Server 2003 Itanium

Windows Server 2003 X64

Windows Vista

Windows Vista X64

Grand Master

leesmithg

Posted
Posted
Just installed it from Windows Update on Windows Vista (Y). And it required a reboot.

http://support.microsoft.com/kb/925902

True, got it an hour ago, wish they would go back to releasing updates as they're ready, so we are protected quicker, seems pointless sometimes having automatic updates set as standard.

Mine was XP Pro only update available can't remember it's KB number.

Grand Master

ahhell

Posted
Posted

Most AV apps pick up this "virus". McAfee, at worked, picked it up.

Zert has a test site to check and see if your browser is vulnerable.

http://zert.isotf.org/advisories/zert-2007-01.htm

NOTE: This doesn't seem to affect Firefox.

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted
Most AV apps pick up this "virus". McAfee, at worked, picked it up.

Zert has a test site to check and see if your browser is vulnerable.

http://zert.isotf.org/advisories/zert-2007-01.htm

NOTE: This doesn't seem to affect Firefox.

NOD32 picked it up from the test page too (Y).

Experienced

jmc777

Posted
Posted
So even with UAC and all that stuff, Vista is STILL vulnerable?

One of the articles in the original post says...

Only users running Windows Vista and Internet Explorer 7 in protected mode appear to be safe, according to Microsoft.

In protected mode, no file is allowed to access or modify any system files without user permission.

Grand Master

User6060

Posted
Posted
Sounds like a COMBO thing. Vista AND IE7 in protected mode. Is IE7 in protected mode by default on Vista?

If that were the case that Vista alone was unable to be harmed by it, why would they release a patch for Vista?

Yes UAC and IE7 protected mode (needs UAC enabled) are default, so most Vista users were immune to this threat. UAC is already holding its worth. Why I have it on and I'm a pretty knowledgeable computer user.

Grand Master

xendrome

Posted
Posted
Sounds like a COMBO thing. Vista AND IE7 in protected mode. Is IE7 in protected mode by default on Vista?

If that were the case that Vista alone was unable to be harmed by it, why would they release a patch for Vista?

Because not everyone is running in protected mode.. some corporate/business apps have issues.

And they need to fix the bug... damned if they do, damned if they don't!

Grand Master

obsolete_power

Posted
Posted

This patch killed my WMP. Everytime I try and open it, it stops responding! I uninstalled the patch, didn't help. System restore didn't help either. Is anyone else experiencing this issue? I heard many people are having trouble with this patch.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

      The useful lapdogs  
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

    • Until Dawn 2 revealed featuring new cast, new story, and new developer

      By leonsk29 · Posted

      Nobody is buying a PS5 only for playing Until Dawn 2. Their loss.
    • Microsoft introduces Web IQ, a Bing-powered search system built for AI agents

      By Legend20 · Posted

      If you actually used it instead of responding like a petulant child you might be surprised. I switched from Google some time ago and have been very satisfied.
    • [NEWS] Over 105000 games are available to play on Linux.

      By FateTrap · Posted

      I am one of the first people to use the DXVK technology. In the channel below you can see some videos that I have made using this technology, including Assassin's Creed Odyssey. https://www.youtube.com/@nahum7995/videos Assassin's Creed Odyssey experienced several bugs and technical issues during its first months after release. It launched with its own fair share of funny but frustrating glitches. I ran it on DXVK 9 days after its release and I played it for many hours but didn't see a single significant bug on Linux. Assassin's Creed Odyssey is widely celebrated for pushing the franchise in bold new directions and specifically for nailing several elements better than any other title in the AC series: Player Choice & Branching Narrative, The Mercenary & Cultist System, Mythological Integration, Overpowered Combat Abilities, Open World Exploration But what I'm trying to point out is that this game wasn't quite playable on most windows systems, until a few months after its release when most of the bugs were fixed. However, on Linux it ran completely flawless from day one, although DXVK had seen little development and refinement at the time. What do you think the situation will be in 2026 now that most bugs and glitches of DXVK have been completely eliminated? This is information from Google about these situations that I am quoting. In many cases, using DXVK (a translation layer that converts DirectX 9, 10, or 11 into Vulkan) can result in more stable frame times and higher performance than native Windows rendering. This happens primarily by bypassing driver overhead and multithreading draw calls that were previously restricted to a single CPU core. Older APIs (like DirectX 9 and 11) are largely single-threaded on the CPU side. DXVK translates these calls to Vulkan, which is highly multi-threaded. This reduces CPU-bound stuttering on weaker processors. In certain cases, GPU manufacturers (especially AMD) have significantly better and more modern Vulkan drivers than they do for legacy DirectX. Vulkan gives developers—and in this case, the translation layer—closer control over how resources are held in VRAM. This can prevent micro-stutters and sudden frame drops during chaotic gameplay. Yes, certain games, particularly older DirectX 9 to 11 titles, can run with fewer crashes on DXVK than on native Windows. By intercepting DirectX draw calls and translating them into the modern, highly efficient Vulkan API, DXVK bypasses the limitations and poor driver support that cause instability in aging game engines. PlayStation 1, PlayStation 2 and PlayStation 3 can be easily and perfectly emulated on Linux. In fact, modern Linux emulators offer high-performance upscaling, widescreen patches, and automatic controller mapping out of the box.                                                                                                                                                                                                                                                                                                                                 PlayStation 1/2/3 games look drastically better on Linux thanks to resolution upscaling. Furthermore, it is also a fact that you cannot play many fun games on Windows either, isn't it? - The Nintendo Switch has an extensive library of exclusive games. - PlayStation has an extensive library of exclusive games - Android has "mobile-exclusive" games, meaning they are exclusive to mobile devices (iOS and Android) and aren't available on PC or consoles. And finally, it is also the case that in the next five years there will be games that millions of people will say you absolutely must play and that they want to play this specific game that released a few days ago. However, the other side of this story is that currently, absolutely no one cares that they cannot play these upcoming games right now.

  • Recent Achievements

    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done
    • Apprentice
      JoeyNeo went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      486
    2. 2
      PsYcHoKiLLa
      232
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      68
    5. 5
      Michael Scrip
      58
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!