New Windows flaw exploited by Trojan

Microsoft said Windows versions from 2000 up to Vista are affected by the flaw

Microsoft has been left alone by hackers for a while but now a new security flaw in Windows has been discovered. A Trojan exploiting the vulnerability is already spreading.

Microsoft said yesterday that it has detected a vulnerability in Windows, affecting versions of Windows 2000, Windows Server 2003, Windows XP, and Windows Vista.

Reports on how virus creators are exploiting the security flaw have already reached security firms. The vulnerability lies in how Windows handles .ani files, a format used for animated cursors and icons. When such a file is opened, a memory flaw can occur.

A successful attack gives the hacker full control of the computer system. The flaw can be exploited by luring a user to visit a malicious website, or to open a manipulated email message or a virus-infested attachment.

Security firm McAfee, which first spotted the vulnerability on Wednesday, has dubbed the Trojan Exploit-Anifile.c, whilst rival security company Trend Micro calls it Troj_Anicmoo.Ax.

Users running Internet Explorer 7 and Firefox 2.0 are safe, at least against the web browser attacks that are currently known, Microsoft said.

There is no official patch for the problem yet, but Microsoft said in its Security Advisory that it is working on an update. It advises users to read email messages in plain text format, and not to visit websites that are not trustworthy. As usual, it also warns users not to open email attachments from untrusted sources, or with suspicious content. Microsoft also recommends that users update their anti-virus programs.

However, security firm eEye Digital Security has released an unofficial fix for the security flaw in Windows. The unofficial temporary patch fixes a bug in the way Windows processes animated cursor files.

It is not yet known how many people have been affected by the Trojan exploiting the latest Windows flaws. Many of the recent so-called Zero Day attacks have been limited, in some cases aimed at specific organisations.

The Microsoft Security Response Center (MSRC) blog stated that the new Windows flaw had brought 'very limited' attacks and they were 'not widespread' at the moment. Danish security firm Secunia has labelled the flaw as 'extremely critical', its highest level.

According to Microsoft, the following versions of Windows are affected:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 for Itanium-based Systems
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows Vista