Latest on security update for Microsoft Security Advisory 935423


Hello everyone, this is Christopher Budd.


 


We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling.


 


From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are  currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.


 


I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know.


 


I’m sure one question in people’s minds is how we’re able to release an update for this issue so quickly. I mentioned on Friday that this issue was first brought to us in late December 2006 and we’ve been working on our investigation and a security update since then. This update was previously scheduled for release as part of the April monthly release on April 10, 2007. Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10.


 


In the meantime, I do want to encourage everyone to make sure that you have the latest signatures for your antivirus and other security products. As I noted on Friday we have given our partners in the MSRA program information that they can use to help protect against attempts to exploit this vulnerability. Until we release the security update for this issue, the latest signatures for your security products can help to provide additional protections.


 


We’ll continue to update you with new information on this situation as we have it.


 


Thanks very much.


 


Christopher


 


*This posting is provided “AS IS” with no warranties, and confers no rights.*


Comments (16)

  1. Anonymous says:

    On Tuesday 3 April 2007 Microsoft is planning to release one Microsoft Security Bulletin affecting Microsoft

  2. Anonymous says:

    Microsoft warnt im Security Advisory KB935423 vor einer Sicherheitslcke bei der Behandlung von animierten Mauszeigern (.ani Dateien) in allen hier untersttzten Windows-Versionen, ber die sich mittels Aufruf entsprechend prparierter Web-Seiten durch d

  3. Anonymous says:

    アドバイザリ 935423 向け定例外のセキュリティ更新 (予定)

  4. Anonymous says:

    On Tuesday 3 April 2007 Microsoft is planning to release: Security Updates One Microsoft Security Bulletin

  5. Anonymous says:

    *Microsoft to Release Out-of-Schedule Patch for ANI Vulnerability Published: 2007-04-02, Last Updated:

  6. Anonymous says:

    Na quarta-feira passada (28/03) a McAfee reportou uma vulnerabilidade crítica no tratamento de cursores

  7. Anonymous says:

    It’s been a while since we’ve had a massive worm outbreak, but the potential for such an occurrence has

  8. Anonymous says:

    Just a quick blog post this morning regarding the ANI vuln and some thoughts on mitigations built-in

  9. Anonymous says:

    Microsoft is responding to the animated cursor vulnerability (MS Advisory 935423) with an out of cycle patch. According to the MS Security Response Blog, the patch should be out tomorrow. The quick response is do in part to the increasing need for it

  10. Anonymous says:

    Tomorrow, April 3rd, 2007. Microsoft will release a patch to address the vulnerability in Windows Animated

  11. Anonymous says:

    Latest on security update for Microsoft Security Advisory 935423 http://www.microsoft.com/technet/security/bulletin/advance.mspxAs

  12. Anonymous says:

    Hello everyone, This is Christopher Budd. I wanted to follow up on my posting from Sunday night to let

  13. Anonymous says:

    Hey Folks – this is Mike Reavey. We’re all glad that MS07-017 – the Security Bulletin that fixes the

  14. Anonymous says:

    Last week, I warned you about a zero day Windows exploit that McAfee found spreading in the wild. The exploit attacked an unpatched vulnerability in the Windows code that handles animated icons and cursors. By enticing you to a specially crafted Web sit

  15. Anonymous says:

    historically black colleges in texas

Skip to main content