Once again the dark side has come out with a nasty, and this one is so bad that the Internet Storm Center (ISC) has raised the threat level to Yellow, which ISC describes as:
We are currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific action to contain the impact. Example: 'MSBlaster' worm outbreak.
More information about the various levels is here.
In a nutshell, MS has released advisory 935423, also known as CVE-2007-0038, and before that as CVE-2007-1765. The issue is that animated cursors, yes those cute things, can be used to install malware and compromise your computer. Don't think that just because you don't see a change to your cursor it has not happened (they can use the same visual effects as standard, and infect your computer).
What I find maddening is that this vulnerability was first reported to MS back on December 20, 2006, MS skipped last month's updates, and there is no patch from Microsoft yet. I will note that there was no evidence of the vulnerability being exploited until recently, but way to go MS.
Now there is a patch available from the Zeroday Emergency Response Team (ZERT), which is detailed here. Personally I'm using it and have used their patches in the past when MS has been slow to get an official fix out for a really nasty, shall I call it, malware epidemic.
ZERT is not known for casually creating unofficial patches, but was formed by a group of well-known security experts to provide a quick response for nasty widespread zeroday exploits.
UPDATE: I just ran across the following information posted on April 1st, but it appears to be real. MS is apparently planning on releasing a patch for this a week early on April 3rd, announced on their security blog and on their Microsoft Security Bulletin Advance Notification. This appears to be the truth and not an April Fools' joke. I will note that this states planned, and this is not the first time that a third-party patch has embarrassed MS into releasing a security patch out-of-cycle.
No, this is not an April Fools' joke.