A new Windows vulnerability has cropped up, and Steve and Leo are here to discuss it with the world – there’s a new zero-day exploit in the wild for all versions of Windows, even if they’re fully patched. From the Security Now site and show notes:
At the end of March, exploitation of a previously (publicly) unknown vulnerability in Windows’ animated cursor (ANI) processing was detected in the wild. This new vulnerability is now being widely exploited to install Trojan malware into unpatched Windows 2000, XP, Server 2003 and Vista systems.
All fully patched Windows systems are currently vulnerable.
Microsoft learned of this vulnerability in all versions of Windows more than three months ago, on December 20th, 2006, but did nothing to protect their customers.
Uh Oh! Check out the show notes for a link to the interim patch, and check out the podcast for the scoop on the vulnerability.
Security Now! Special Edition // The Animated Cursor Vulnerability
[ episode notes | homepage | audio download ]