Chachazz Posted March 31, 2007 Report Share Posted March 31, 2007 Windows zero-day flaw 'very dangerous,' experts sayWith Vista at risk, eEye issues unofficial patch; attacks traced to Chinese hackers Gregg Keizer -- The Windows zero-day bug now being used by attackers is extremely dangerous, security researchers said today, and ranks with the Windows Metafile vulnerability of more than a year ago on the potential damage meter. "This is a good exploit," Roger Thompson, CTO of Exploit Prevention Labs, said in an instant message exchange. "It's very dangerous. One of the reasons is that there's no crash involved...it's instantaneous. And all it takes is visiting a site." »»Yesterday, Microsoft Corp.'s Security Response Center (MSRC) issued an advisory acknowledging a bug in Windows' animated cursor, a component that lets developers show a short animation at the mouse pointer's location. Attackers, who are already exploiting the bug in limited fashion, can hijack PCs by tempting users to malicious Web sites or by sending them a malformed file via e-mail. "It doesn't require a PhD in hacking," Brown said. "The number of people who can use this is huge." eEye considered it so dangerous that early this morning it released a rare unofficial patch to temporarily plug the dike. This is only the second time that eEye has put out an unsanctioned fix for a Microsoft bug. MORE HERE:http://www.computerworld.com/action/articl...ticleId=9015138 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.