• Information Security Office
• Secure Computing
• Security Alerts
• Microsoft Released Patch for Animated Cursor Vulnerability (MS07-017)

Security Alerts

Search Security Alerts:

April 4, 2007

Microsoft Released Patch for Animated Cursor Vulnerability (MS07-017)

This is an update to a previous posting. As expected Microsoft released the patch for the ".ani" animated cursor file vulnerability (MS Security Advisory 935423) this Tuesday April 3, 2007, one week ahead of their normal schedule. BigFix will push out this patch campus wide today Wednesday April 4, 2007 at 6PM. This push will not force a reboot, but a prompt to reboot will pop up.The vulnerability is in how Windows handles animated cursor (.ani) files. Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable. It is important that all campus computers with Microsoft Windows be patched for this vulnerability immediately via Windows Update if not through BigFix.