A flaw in the way that Windows handles animated cursors has been discovered, which can allow remote access and arbitrary code execution. This flaw is being actively exploited in the wild through malicious web sites and emails. Windows users are advised to be careful about opening unsolicited emails and to be wary about visiting unknown websites. Microsoft are planning to issue a patch to resolve the flaw.
In layman’s terms, there’s a bug in the way that Windows uses animated cursor files – files with a .ani extension – that allows hackers to run whatever code they want on your computer, potentially allowing other computers to gain control of your PC. So don’t open any spam email, and certainly do not click on any links contained in a spam email.
The following domains have been found to host the malicious .ani files:
UNDER NO CIRCUMSTANCES SHOULD YOU VISIT THESE WEBSITES IF YOU ARE USING WINDOWS.
More information can be found at:
Microsoft Security Advisory
SANS Internet Storm Center
BBC News – Technology – Users warned on Windows Cursors