-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA07-093A
Microsoft Update for Windows Animated Cursor Vulnerability
Original release date: April 3, 2007
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows 2000, XP, Server 2003, and Vista are affected.
Affected applications include
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Outlook
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Explorer
Overview
Microsoft has released updates to correct critical vulnerabilities in
Microsoft Windows. One of these vulnerabilities is being actively
exploited.
Solution
Install updates
Microsoft has released updates to remedy critical vulnerabilities in
Windows. To obtain these updates, visit the Microsoft Update web site.
We also recommend enabling Automatic Updates.
Description
Microsoft has released Security Bulletin MS07-017 to address critical
vulnerabilities in Microsoft Windows that could allow an attacker to
gain control of your computer. Other non-critical vulnerabilities are
also addressed in this bulletin.
Included in these updates is a solution for a previously announced
vulnerability in the way that Windows processes malicious animated
cursor files (VU#191609).
More technical information is available in US-CERT Technical Cyber
Security Alerts TA07-093A and TA07-089A, and in Vulnerability Note
VU#191609.
References
* US-CERT Technical Cyber Security Alert TA07-093A -
<http://www.us-cert.gov/cas/techalerts/TA07-093A.html>
* US-CERT Technical Cyber Security Alert TA07-089A -
<http://www.us-cert.gov/cas/techalerts/TA07-089A.html>
* Vulnerability Note VU#191609 - <http://www.kb.cert.org/vuls/id/191609>
* Microsoft Security Bulletin MS07-017 -
<http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx>
* Microsoft Security Advisory (935423) -
<http://www.microsoft.com/technet/security/advisory/935423.mspx>
* Unpatched Drive-By Exploit Found On The Web -
<http://www.avertlabs.com/research/blog/?p=230>
* TROJ_ANICHMOO.AX - Description and Solution -
<http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAX>
* Microsoft Security Essentials - <http://www.microsoft.com/protect/>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
* Microsoft Automatic Updates -
<http://www.microsoft.com/athome/security/update/msupdate_keep_current.mspx#EZB>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/SA07-093A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA07-093A Feedback VU#191609" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Produced 2007 by US-CERT, a government organization. Terms of use
Revision History
April 3, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRhKsu+xOF3G+ig+rAQIv0wf/Z5vXu0r5BfkXT0LrGsKn/XqIhKX4U4YE
I4eLRVhLHqC9e67sbgsA+DowIyBooYDNqDN5wdUj+KDzlBccMGk+zgnratGjjU/k
E2PqbsIeYnaMn4+JN7+skx8ImPGPX++xrpQGtC6g0oUh3qEjphpZjo+CG3sJVjCF
35jUW2HNXAGPL65NIKDskX78tLLNIipfRxytkIq/LnWTnj2bO2+9UjzUW2FOI5/x
BnESubKvb5CxnOcdJZgz0w934TBAav0fHjnFOA+sHfRpF7FkYDGH7HG5KAsH4Lg4
Dh51gZPjaAGhK2Cw0v00d639w996kKag6dh+xFu4a3GuAJ1xgrfcfw==
=QBl8
-----END PGP SIGNATURE-----
