Microsoft (opens in new tab) has been left alone by hackers for a while but now a new security flaw in Windows has been discovered. A Trojan exploiting the vulnerability is already spreading.
Microsoft said yesterday that it has detected a vulnerability in Windows, affecting versions of Windows 2000 (opens in new tab) , Windows Server 2003 (opens in new tab) , Windows XP (opens in new tab) , and Windows Vista (opens in new tab) .
Reports on how virus creators are exploiting the security flaw have already reached security firms. The vulnerability lies in how Windows handles .ani files, a format that manages animated cursors and icons. When the file opens, a memory flaw can occur.
A successful attack gives the hacker full control of the computer system. The flaw can be exploited by luring a user to a malicious website, to open a manipulated email message, or a virus-infested attachment.
Security firm McAfee - who first spotted the vulnerability on Wednesday - has dubbed the Trojan Exploit-Anifile.c, whilst rival security company Trend Micro (opens in new tab) calls it Troj_Anicmoo.Ax.
Users running Internet Explorer 7 (opens in new tab) and Firefox 2.0 are safe, at least against the web browser attacks that are currently known, Microsoft said.
There is no official patch for the problem yet, but Microsoft said in its Security Advisory (opens in new tab) that it is working on an update. It advises to read email messages in plain text format, and not to visit websites that are not trustworthy. As usual, it also warns users not to open email attachments from untrusted sources, or with suspicious content. Microsoft also recommends users to update their anti-virus programs.
However, security firm eEye Digital Security has released an unofficial fix for the security flaw in Windows. The unofficial temporary patch fixes a bug in the way Windows processes animated cursor files.
It is not yet known how many people have been affected by the Trojan exploiting the latest Windows flaws. Many of the recent so-called Zero Day attacks have been limited, in some cases aimed at specific organisations.
The Microsoft Security Response Center (MSRC) blog stated that the new Windows flaw had brought 'very limited' attacks and they were 'not widespread' at the moment. Danish security firm Secunia has labelled the flaw as 'extremely critical', its highest level.
According to Microsoft, the following versions of Windows are affected:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Vista