Users warned on Windows cursors
Animated cursors could prove risky for Windows users, Microsoft has warned.
 Source: BBC
Post contains following information
- The vulnerability
- Working
- Precautions
The vulnerability
- The software giant is investigating reports that the way Windows handles alternatives to the traditional arrow cursor can leave PCs open to attack.
- PC users could fall victim by opening a booby-trapped attachment on an e-mail or by visiting a website that is hosting the code.
- Microsoft said that many different versions of Windows were vulnerable to the attack. The list of potential victims includes Windows Vista, XP, 2000 and Server 2003.
How does it work
- By booby-trapping a website or e-mail attachment with code that exploits the flaw, malicious hackers could hijack a Windows PC.
- “Exploitation happens completely silently,” said security firm McAfee which was one of the first to find the bug. Once installed, the exploit code could download and run any other file, warned McAfee.
Precautions
- Microsoft warned users to be wary of attachments and urged them to update security software to combat the threat.
- Simply blocking the .ani files that denote animated cursors will not work as many attackers are renaming booby-trapped files to disguise their dangerous nature.
- Security firms said users can stay safe from this vulnerability by using an alternative browser, such as Opera or Firefox 2.0, with Windows. Also protected are those using Windows Vista with Internet Explorer 7.0.
