Microsoft Out of Cycle Patch Coming

This is just an FYI for those who may not be following the latest Windows 0-day vulnerability and an upcoming out of cycle patch. Last Thursday, Microsoft published a Security Advisory (935423) describing a vulnerability in Animated Cursor Handling affecting a range of Windows OS versions. The result is that a user that visits a malicious website or reads a specially crafted HTML e-mail may automatically trigger the vulnerability and executing arbitrary code running as that user.

Microsoft's Security Response Center has indicated that an out of cycle patch will be released for this vulnerability as soon as tomorrow (April 3rd) due to increased attacks and publicly available proof of concept code circulating around.

This one is primarily a problem for Windows workstations as it is triggered through user action such as web browsing or reading e-mail. We have also seen some activity on the campus intrusion detection sensor that indicates possible use of this exploit on campus.

So keep an eye out for this patch and apply it as soon as possible to your systems.

References:

Microsoft Security Advisory (935423)
http://www.microsoft.com/technet/security/advisory/935423.mspx

Microsoft Security Response Center Blog
http://blogs.technet.com/msrc/default.aspx

Posted by Addam Schroll on April 02, 2007, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.