Monday, April 02, 2007

Cursor hole puts Windows PCs at risk -

This is a couple days old, but not an April Fool's joke. Beware (by the way!).
A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday.

The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory.

An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said.

"Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code," Microsoft said in its advisory.

Such holes are often exploited by cybercrooks to do "drive-by" installations of malicious software. Spyware and remote control tools that turn PCs into drones for the attacker are silently loaded onto vulnerable computers by tricking people to visit a rigged website or hacking a trusted site. The website for the Super Bowl stadium is a recent example of a drive-by attack.

Cursor hole puts Windows PCs at risk -
Update: Microsoft's Advisory on the vulnerability, updated yesterday, Mar. 31.
Additional Update: : Latest on security update for Microsoft Security Advisory 935423 There's an update coming 4/3 from MS, currently, on this vulnerability.
Third Update: Steve and Leo have a 10 minute podcast about this vulnerability.
And in other security vulnerability risks. Cross scripting vulnerability discussion (part 1) by Steve Gibson and Leo Laporte on Security Now.

(picture from an Aussie Computer Lock Company)

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.