Thursday, March 29, 2007

Microsoft Security Advisory 935423 Released

Microsoft Security Advisory (935423) relates to a vulnerability in Windows Animated Cursor Handling. According to the Advisory, Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files.

Please note that for this this attack to work, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or e-mail attachment sent to them by an attacker.

So, what is the warning again? Practice safe surfing, do not open e-mails from strangers or attachments.

Windows Live OneCare has already been updated and the information will be shared with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Update 31Mar07: See the MSRC Blog Update on Microsoft Security Advisory 935423


No comments: