Microsoft to patch animated cursor bug early
[author:zyk06 Public time:Apr 2, 2007] |
|
Microsoft Corp. will patch the increasingly dangerous Windows animated cursor vulnerability tomorrow, a week early, a spokesman of the company's security team said yesterday.
"Microsoft originally planned to release the update on Tuesday, April 10 as part of its regular monthly release of security bulletins," the spokesman said in an e-mail. "However, Microsoft is aware of the existence of a public attack utilizing the vulnerability...[and] since testing has been completed, Microsoft will release the update ahead of schedule to help protect customers."
The announcement followed a weekend of escalating warnings from security organizations and reports from China's Internet Security Response Team (CISRT) of an in-the-wild worm using the unpatched vulnerability. Symantec Corp. and other anti-virus companies confirmed the existence of the Fubalca worm yesterday.
Over the weekend, a number of events showed the speed with which attackers were moving. First, exploit source code was publicly posted on a security mailing list, then McAfee Inc. said it had seen at least one spam run that linked to the exploit, and finally, Websense Inc. claimed it had spotted more than 100 malicious sites spreading the exploit, a 10-fold increase over the day before.
Microsoft's decision to push the patch out tomorrow may have come just in time. This weekend, Ken Dunham, director of VeriSign Inc.'s iDefense rapid response team, said: "We are in the eye of the storm. Spam run-type attacks pose significant danger to enterprises as the work week resumes. Popularization of the exploit is under way amongst multiple hackers and it's trivial to use and modify.
"This is undoubtedly a serious issue that will persist for many months if not years, attacking vulnerable computers," said Dunham.
On Saturday, Microsoft's Security Response Center (MSRC) added Windows Server 2003 SP2 to the long list of Windows editions affected by the bug. Yesterday, Christopher Budd, an MSRC program manager, acknowledged that attacks leveraging the flaw had increased. "In light of these points and based on customer feedback, we have been working around the clock to test this update," Budd said on the MSRC blog.
The emergency fix, pegged as MS07-017, will be released through Microsoft's normal channels, including Automatic Updates, Windows Update and the enterprise-oriented Windows Server Update Services (WSUS). MS07-017 will be only the third out-of-cycle patch from Microsoft in over two years.
Author: Gregg Keizer
Source: http://www.computerworld.com/
Printed From:http://www.free-press-release.com/news/200704/1175517621.html
Source:Free Press Release
Similar news >>
Attack Code Out for Critical Kodak Bug in Windows [Oct 30, 2007]
Kaspersky Lab announces support for Microsoft Network Access Protection (NAP) technology [Sep 12, 2007]
Microsoft Releases Fixes for Just Four Flaws [Sep 12, 2007]
ISAN-IA Licenses Microsoft's New Multicolor Bar Code Technology [Apr 16, 2007]
Microsoft to push fix for patch trouble [Apr 10, 2007]
Microsoft To Release Five Patches On 10 April [Apr 7, 2007]
Microsoft to patch animated cursor bug early [Apr 2, 2007]
Free to Get rid of Viruses, Spyware and Adware from your computer [Feb 7, 2007]
Finding Vista's Flaws - Microsoft learns to think like hackers [Feb 5, 2007]
Microsoft joins SSL VPN appliance market [Feb 2, 2007]
|
|
