March 29, 2007
New Exploit Hits Windows
Microsoft is warning of a new zero-day exploit that affects Windows 2000, XP, Server 2003, and, ahem, Vista. The exploit can reach an individual machine when the user visits a specially crafted web site or views a specially crafted email. It has to do with insufficient validation prior to rendering cursors, animated cursors, and icons. If the exploit is successful, it runs code that compromises the user's machine, giving the exploiter the same rights as the user.
Microsoft says that Internet Explorer 7 running in protected mode will prevent the exploit from operating. Protected mode, if one remembers, is the annoying pop-up message asking if the user intended to perform the requested task. This feature in Vista can be turned off, and probably will be by some users.
There is a video of the exploit at work on YouTube. I found it through a story on the exploit in ComputerWorld. The link to the video is here. The error messages in Vista as it crashes look very pretty in the new Aero interface. The next patch date for Windows is April 10th.