Security Alerts
April 2, 2007
Microsoft Plans to Release Patch for Animated Cursor File Vulnerability MS07-017
Microsoft plans to release an earlier than expected patch for the ".ani" animated cursor file vulnerability (MS Security Advisory 935423) this Tuesday April 3, 2007, one week ahead of their normal patch Tuesday schedule. The vulnerability is in how Windows handles animated cursor (.ani) files. Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable. Infection rates have been steadily increasing over the weekend. It is important that all campus computers with Microsoft Windows be patched for this vulnerability as soon as possible when it is available this Tuesday. Computers that utilize Big-Fix will have this patch delivered pending some initial testing. Stay tuned for more information.Last modified Wednesday, 04-Apr-2007 11:30:30 AM