Microsoft broke with its monthly patch cycle Tuesday to fix the bug, which cybercrooks had been using since last week to attack Windows PCs. The flaw relates to the way Windows handles animated cursors and could let an attacker commandeer a PC when the user views a malicious Web site or e-mail message.
The vulnerability could be exploited through any Windows application that relies on the operating system to handle animated cursor files. This includes Mozilla's Firefox Web browser, which according to some security experts exposes Windows Vista users to greater risk than Internet Explorer 7 because the latest Microsoft browser has additional security features.
"The vulnerability is caused by a Windows error - it can be exploited through both Firefox and Internet Explorer," Mike Schroepfer, vice president of engineering at Mozilla, said in a statement. "We are investigating issuing a workaround within Firefox in an upcoming security release." Mozilla coordinates Firefox development.
The Firefox workaround could be welcome for those users who, for whatever reason, don't install Microsoft's fix. Some compatibility problems with the Microsoft update have been reported. "Microsoft has issued a patch to fix Windows and we encourage all Windows users to apply this update immediately," Schroepfer said.
Security experts at Determina, which reported the animated cursor flaw to Microsoft, have published a video that shows how a Vista PC can be compromised by exploiting the flaw and how Firefox users are at a higher risk than IE 7 users.
- work around for Firefox users..
- by FutureGuy April 4, 2007 4:59 PM PDT
- ..use IE 7 for the time being.
- IE7
- by n3td3v April 4, 2007 6:00 PM PDT
- yes we need to get over the microsoft bashing and recommend their products.
- did you *read* the article?
- by Solarion April 5, 2007 7:10 AM PDT
- "The vulnerability is caused by a Windows error - it can be exploited through both Firefox and Internet Explorer,"
- exactly
- by ITprosupport April 6, 2007 8:13 PM PDT
- firefox is a good browser, but it is basically a rip off of ie7, which is fine but when their execs start saying things like "this was due to a windows flaw...bla bla bla" come on if you want to play in the browser market grow up and take responsibility for product you little boy!!
n3td3v
IE7 gives you *no* protection, because it's a *Windows* flaw. Mozilla is talking about intercepting the attack *before* it reaches Windows, to protect you proactively.
The *real* solution would be to use something other than Windows, silly person.