p2pnet - rss feed: Microsoft cursor bug found
p2pnet.net news:- Bill and the Boyz say they’ll today issue a fix for a critical flaw in the way Windows, including Vista, handles animated cursors.
Microsoft has been aware of it since December, but it became known to the general public only last week.
To make things worse, W32.Fubalca, a new worm which infects executables and HTML-type files, inserting links to malicious Animated Cursor files, has been found in the wild, says Symantec Security Response.
“The worm infects executables on all drives (including removable drives), except for the drive that Windows is installed upon (e.g. C:),” says the alert. “As well as exploiting the vulnerability, the worm appears to spread through removable drives and already-mapped network shares.”
Now, “From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat,” says Christopher Budd on the Microsoft Security Response Center Blog, going on:
Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.
I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know.
I’m sure one question in people’s minds is how we’re able to release an update for this issue so quickly. I mentioned on Friday that this issue was first brought to us in late December 2006 and we’ve been working on our investigation and a security update since then. This update was previously scheduled for release as part of the April monthly release on April 10, 2007. Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10.
Also See:
animated cursors - Windows cursor threat, March 31, 2007
Symantec Security Response - This is no April Fool’s Day joke, April 1, 2007
Microsoft Security Response Center Blog - Latest on security update for Microsoft Security Advisory 935423, April 1, 2007
If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at thIs the end (of the Net) nigh?zze University of Toronto’s Munk Centre for International Studies. Go here for the official download, here for the p2pnet download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.
rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php | | And use free p2pnet newsfeeds for your site
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local politicians. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance. Don’t just complain. Do something!
