Microsoft announces earlier than planned update for vulnerability
Microsoft aims to release on Tuesday an earlier than planned update to fix the critical security vulnerability in handling animated cursor files. This is urgently necessary, as the vulnerability is already being exploited by prepared websites.
Malicious files on sites identified to date have, however, been .jpg, gif, .css, .htm or .js files, rather than .ani files. This means that filtering out files with specific extensions at the internet gateway does not offer protection. US-CERT has, however compiled information, on the basis of which it is possible to generate signatures for an intrusion prevention or detection system.
According to Microsoft, frequently updating virus signatures should help detect new versions of the malware. According to Andreas Marx from av-test.org, virus scanner detection rates over the weekend were fair to middling at best.
In its announcement of the forthcoming patch, Microsoft mentions that the company has been working on an update since December and that this has already been extensively tested, so that nothing should stand in the way of early release. Users who have installed the unofficial patches from eEye or ZERT should uninstall these patches before installing the update.
The timing of the early update announcement (April 1st) was unfortunate. Wagging tongues are claiming that it is the Redmond company's idea of an April fool. Because of the seriousness of the vulnerability, however, it is not something about which Microsoft can afford to joke - business users are unlikely to see the funny side.
- Latest on security update for Microsoft Security Advisory 935423, entry in Microsoft's security Blog