Hi, just wanted to point out that now is once again a good time to take a moment and run Windows Update. The ANI vulnerability is being used and exploited quite wildly, and there is now an update for it.
CERT-US:
National Cyber Alert System
Technical Cyber Security Alert TA07-093A
Microsoft Update for Windows Animated Cursor Vulnerability
Original release date: April 3, 2007
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows 2000, XP, Server 2003, and Vista are affected.
Applications that provide attack vectors include
* Microsoft Internet Explorer
* Microsoft Outlook
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Explorer
Overview
Microsoft has released updates to address vulnerabilities in the way
that Microsoft Windows handles image files. A fix for the animated
cursor buffer overflow vulnerability (VU#191609) is included in these
updates.
I. Description
Microsoft has released Security Bulletin MS07-017 to correct
vulnerabilities in the way that Microsoft Windows handles image files.
This update includes a fix for the animated cursor ANI header stack
buffer overflow vulnerability (VU#191609).
More information about the animated cursor buffer overflow
vulnerability is available in Vulnerability Note VU#191609 and in
Technical Cyber Security Alert TA07-089A. Refer to Microsoft Security
Bulletin MS07-017 for more information on the other vulnerabilities.
II. Impact
Applying these updates will mitigate the vulnerability described in
Technical Cyber Security Alert TA07-089. The impact of exploiting that
vulnerability is that a remote, unauthenticated attacker could execute
arbitrary code or cause a denial-of-service condition.
III. Solution
Install updates from Microsoft
Microsoft has released updates for this and other image processing
vulnerabilities in Microsoft Security Bulletin MS07-017.
Note that this is only part of the Microsoft security update release
for April 2007. According to Microsoft:
Microsoft will update this bulletin summary with any other security
bulletins that release on April 10 or on any other day of the
month, as deemed appropriate.
Refer to Technical Cyber Security Alert TA07-089A and Vulnerability
Note VU#191609 for information about workarounds that may reduce the
chances of exploitation until updates can be applied.
System administrators may wish to consider using an automated patch
distribution system such as Windows Server Update Services (WSUS).
IV. References
* US-CERT Technical Cyber Security Alert TA07-089A -
<http://www.us-cert.gov/cas/techalerts/TA07-089A.html>
* Vulnerability Note VU#191609 -
<http://www.kb.cert.org/vuls/id/191609>
* Microsoft Security Bulletin MS07-017 -
<http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx>
* Microsoft Security Advisory (935423) -
<http://www.microsoft.com/technet/security/advisory/935423.mspx>
* Microsoft Security Bulletin Summary for April 2007 -
<http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx>
* Microsoft Security Response Center Blog -
<http://blogs.technet.com/msrc/search.aspx?q=935423>
* Windows Server Updates Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-093A.html>