« Podcast: Why Is Image Spam Flooding Our Inboxes? A Discussion With Commtouch | Main | JavaScript Becoming a Favorite Hacking Tool »

Microsoft announced it plans to release a patch for a dangerous security vulnerability in its Windows operating system that cybercriminals are actively exploiting. This fix comes a week earlier than Microsoft's typical patch Tuesday.

The company's break from standard operating procedure was clearly prompted by an unofficial patch release by third-party software vendors which include eEye Digital Security, Determina, and the Zero-Day Emergency Response Team (ZERT), a coalition of security experts who's goal is to provide timely fixes for unpatched software flaws that pose an active and serious risk to computer users.

The vulnerability stems from a flaw in Windows animated cursor files which hackers have been exploiting for the past week. All it takes is a user to open a specifically created email or a specially built webiste for an attacker to gain complete control over a Windows system.

The SANS Internet Storm Center raised the Internet Threat Level to yellow after observing several big blasts of spam and a growing number of websites designed to take advantage of the vulnerability. This is one of only a half-dozen times that SANS has increased the threat level due to a single threat.

What is most discomfiting about this vulnerabiilty is apparently Microsoft has known about this flaw for some time. One company stated that they notified Microsoft last December about this flaw. Microsoft's sudden rush to release this patch ahead of the standard monthly fixes is a good step, but only a first step in what needs to be a more proactive approach to threats to its ubiquitous operating system.

Posted by pschooff in Microsoft |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1639