Vulnerability in Windows Animated Cursor Handling

Zazula · 03-29-2007, 06:22 PM

Microsoft Security Advisory (935423)

Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

Related Software
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Vista

Workarounds for Animated Cursor Vulnerability
Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect yourself from the HTML e-mail preview attack vector.
Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or a later version and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.For information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.

Impact of Workaround: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:
• The changes are applied to the preview pane and to open messages.
• Pictures become attachments so that they are not lost.
• Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

As a result of this issue, Microsoft is preparing a Security Update to address it.

tetonbob · 04-01-2007, 09:35 AM

Thanks, Zazula -

More reading here:

http://www.pcworld.com/article/id,13...s/article.html

tetonbob · 04-02-2007, 08:50 PM

Read it in it's entirety here:

http://blogs.technet.com/msrc/archiv...ry-935423.aspx

Quote:

Latest on security update for Microsoft Security Advisory 935423

Hello everyone, this is Christopher Budd.

We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling.

From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.

I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know.

More reading here:

http://www.crn.com/security/198701903

tetonbob · 04-03-2007, 08:16 PM

Official update has been issued:

http://www.microsoft.com/technet/sec.../MS07-017.mspx

03-29-2007, 06:22 PM	#1 (permalink)
Zazula Manager Emeritus, I'm blond, James Blond Join Date: Apr 2006 Location: Athens, Greece Posts: 7,667 OS: Win XP Pro SP2	Vulnerability in Windows Animated Cursor Handling Microsoft Security Advisory (935423) Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker. Related Software Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 for Itanium-based Systems Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Microsoft Windows Vista Workarounds for Animated Cursor Vulnerability Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect yourself from the HTML e-mail preview attack vector. Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or a later version and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.For information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387. Impact of Workaround: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally: • The changes are applied to the preview pane and to open messages. • Pictures become attachments so that they are not lost. • Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly. As a result of this issue, Microsoft is preparing a Security Update to address it. __________________ "Time is the wisest because it discovers everything" Thales of Miletus (ca.624BC-ca.546BC) "Everything flows, nothing stands still." Heraclitus of Ephesus (ca.535BC-475BC) "One thing I know, that I know nothing" Socrates of Athens (ca.470BC–399BC)

04-01-2007, 09:35 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,592 OS: 2000 Pro; XP Pro; XP Home	Re: Vulnerability in Windows Animated Cursor Handling Thanks, Zazula - More reading here: http://www.pcworld.com/article/id,13...s/article.html __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-03-2007, 08:16 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,592 OS: 2000 Pro; XP Pro; XP Home	Re: Vulnerability in Windows Animated Cursor Handling Official update has been issued: http://www.microsoft.com/technet/sec.../MS07-017.mspx __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009