March 29, 2007 12:14 PM PDT

Cursor hole puts Windows PCs at risk

A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday.

The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory.

An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said.

"Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code," Microsoft said in its advisory.

Such holes are often exploited by cybercrooks to do "drive-by" installations of malicious software. Spyware and remote control tools that turn PCs into drones for the attacker are silently loaded onto vulnerable computers by tricking people to visit a rigged Web site or hacking a trusted site. The Web site for the Super Bowl stadium suffered a recent example of a drive-by attack.

Sample code that demonstrates the vulnerability has already been posted on the Web, McAfee said in a security alert sent to customers. "Malware exploiting this vulnerability has been observed in the wild," the security company said in the alert.

Other security experts also raised an alarm. "I expect attackers will pick up on this as soon as they figure out how to, we'll very shortly see the usual suspects using it," said Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs. "The sample site is already offline; this could be a prelude to a bigger attack."

Animated cursors allow a mouse pointer to appear animated. The animated-cursors feature is designated by the .ani suffix, but a successful attack is not constrained by this file type, Microsoft said. As a result, simply blocking such files won't protect a PC.

The exposure to attacks that exploit the flaw is mitigated on Vista machines with Internet Explorer 7, Microsoft noted. IE 7 protected mode shields the computer against drive-by installations because the browser is restricted to where it can write files.

See more CNET content tagged:
attacker, cyberattack, vulnerability, attack, security

26 comments

Join the conversation!
Add your comment
News Flash
It was reported today that all Windows PCs have a vulnerability that can allow a malicious user to take over that PC. The vulnerability is enabled by turning on the PC....
Posted by befuddledms (113 comments )
Reply Link Flag
The most SECURE Operating System!!!
Thank God Microsoft Vista is more secure than my Apple Mac OS X
systems.

Otherwise I might be worried that my computer could be hijacked
and used as a spambot.

Or my identity could my stolen.

But then again, I use Apple OS X to avoid these problems.
Posted by WO Dood (1 comment )
Reply Link Flag
Read the last paragraph
The exposure to attacks that exploit the flaw is mitigated on <b><u>Vista</u></b> machines with Internet Explorer 7, Microsoft noted. IE 7 protected mode <b>shields</b> the computer against drive-by installations because the <u>browser is restricted</u> to where it can write files.

Therefore, only the temporary folder and any open tabs (if the exploit even goes that far) is succeptable.
Posted by timber2005 (720 comments )
Link Flag
Get your facts straight
Microsoft never claimed Vista was secure, they just said it was the most secure version of Windows they've ever produced.

And the fact that they try to sell you optional security software (OneCare) should tell you just how secure they think it is.
Posted by rcrusoe (1305 comments )
Link Flag
How many others will have problems?
I wonder where similar sorts of issues will show up on other OSes. Mozilla recently patched a similar bug in Firefox 2.0.1 (mfsa2006-69). That one was only known to cause a browser crash, but still not a particularly good thing!

I wouldn't be at all surprised if a closer look at how other OSes and applications handle cursors could lead to more vulnerabilities being discovered?
Posted by Hoser McMoose (182 comments )
Link Flag
Just as vulnerable
You're living in a dream world. How's that mega patch doing.

<a class="jive-link-external" href="http://news.cbsi.com/Apple+megapatch+plugs+45+security+holes/2100-1002_3-6166971.html" target="_newWindow">http://news.cbsi.com/Apple+megapatch+plugs+45+security+holes/2100-1002_3-6166971.html</a>
Posted by nelzp0929 (34 comments )
Reply Link Flag
Oh?
That's funny how you point to what in 'doze would be considered a medium-sized patch for OSX.

Meanwhile, I can move my mouse cursor anywhere I want to here on OSX w/o fear of infection... BWAHAHAHAHAHAHA!

/P
Posted by Penguinisto (5042 comments )
Link Flag
Welcome to Windows...
...where even your freakin' MOUSE CURSOR can get you r machine compromised...

(such news has gotta be humiliating, even for Windows).

/P
Posted by Penguinisto (5042 comments )
Reply Link Flag
Is Microsoft so far gone...
They can't even secure something as simple and mundane as the cursor. Is this a joke or are we all the fools?

Robert
Posted by Heebee Jeebies (632 comments )
Reply Link Flag
Fools?
To stick with a company as wretched as Micros**t you must be.
Posted by Nigel Ashton (10 comments )
Link Flag
10 Years Ago It Was Screensavers
Ten years ago the computer infection making the rounds was the .scr exploit. So here we are today and now it is cursors.

Hacker heaven here I come...
Right back where I started from...
Na na na na na na na, na na na na na
Posted by Stating (869 comments )
Reply Link Flag
Which is it?
You save Windows Vista is vulnerable up front in the article, but then retract the statement more or less at the end of the article by saying IE 7 protects you from it.
Posted by WJeansonne (480 comments )
Reply Link Flag
Which Is It?
What the article doesn?t mention is that IE7 has differing levels of security depending on what version of Vista it is installed in. The Business and Ultimate versions have the upgraded security level and presumably IE7 in those versions is not vulnerable to the attack.

The cheaper Basic and Home Premium versions would then be vulnerable, but the enterprise oriented Business and Premium versions would not be.

The article should have pointed that out, but too often CNet articles are too brief. Space or time constraints perhaps?
Posted by gmcaloon--2008 (72 comments )
Link Flag
Both are correct... (* CHUCKLE *)
IE7 is flawed PER CNet's report and PER the exploit code which is already out.

But IE7 protects you from such exploit PER Microsoft.

So now, that only leaves one question to be answered... (* ROFLOL *)

Who do you beleve? CNet and those who expoited the code or Microsoft... (* CHUCKLE *)

FWIW
Posted by wbenton (522 comments )
Link Flag
Quite well, thanks for asking
I'll take a patched, not exploited system over a not-yet-patched,
already exploited system any day, thankyouverymuch.
Posted by jimothyGator (96 comments )
Reply Link Flag
Reply to 'Just as vulnerable'
Sorry, this was meant to be a reply to 'Just as vulnerable,' which
asked, "How's that mega patch doing[?]" My Mac got hijacked by
animated cursor demons. Either that, or I clicked the wrong reply
link.
Posted by jimothyGator (96 comments )
Link Flag
i agree
Just let me know when you find that unexploited system.
Posted by rapier1 (2722 comments )
Link Flag
Does anybody know if Firefox is vulnerable to this flaw?
Or is it just IE?
Posted by fcekuahd (244 comments )
Link Flag
So much for Vista's "new" security design?
I have not followed Vista too closely (my "upgrade" from XP is Linux), but as part of my effort to keep up with desktop computing in general (friends/family always asking for help/advice ;-), it was my understanding that Vista was supposed to have been developed from the ground up with a new security model. Since this exploit affects all versions from Windows 2000 and up, it seems at least some parts are "legacy" code with it attendant inherited vulnerabilities.

Marketspeak strikes again :-{
Posted by rocwoof (87 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.