More on the latest Windows security problem
As noted in two previous posts (here and also here) a zero-day exploit involving a security hole in the way Windows handles ANI (cursor) files was being used in drive-by attacks from a number of infected Web sites. It had been previously reported that Internet Explorer on Vista and Firefox were not affected but that turns out to be incorrect. ZDNet reports:
Early reports claiming that Firefox or IE7 were immune were incorrect. The bug is particularly insidious because of its location way down deep in the Windows “user32.dll” system file. From there it can render almost all programs running on Windows vulnerable, including Internet Explorer, Outlook, Firefox, Windows Explorer, and more. Just avoiding certain types of files won’t help
Today Microsoft issued seven emergency security patches and everyone should install them from this download site. Both XP and Vista need patches. It is a little discouraging that buffer overflow problems (which the cursor problem is) are showing up already in the much vaunted Vista.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.