Internet Explorer security problem spreads
A security hole in Internet Explorer is being used to spread a worm. The malware can be picked up just by visiting a site without the need to click anything. According to one report:
There’s a new Microsoft Windows vulnerability being exploited across the Internet on over 150 Web sites. The vulnerability is caused by an unspecified error in the way Windows 2000, XP, and Vista handles animated cursors.
Firefox and Opera are not affected. The situation is dangerous enough that Microsoft is issuing a patch outside its usual security cycle. The patch is suppossed to be available tomorrow. ZDNet says:
Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks.
The decision follows a weekend of escalated attacks, which include a self-propagating worm spotted in China and the discovery of hundreds (possibly thousands) of hacked Web sites hosting animated cursor exploits.
ZDNet also reports that Microsoft has known about the securuity problem since December:
A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday’s discovery of Internet Explorer drive-by attacks.
Added later: Security expert Larry Seltzer has an eWeek article about his disappointment at Microsoft’s handling of this security exploit.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.