Friday, March 30, 2007

Major Microsoft vulnerability

Sorry for being off-topic, but Microsoft yesterday announced a "zero-day" vulnerability (animated cursor files, .ANI) for Windows that is very, very nasty. I expect that this weekend there will be many attacks, and Microsoft does not yet have a patch available.

It affects Windows Internet Explorer, including Vista. Even worse, it affects email, and just viewing an email message can allow someone to do anything they want to your machine.

Every major computer security organization is listing this as a critical flaw. Updated anti-virus software will help with known variants but if someone comes out with something new, you're still in trouble. Details can be read at the Internet Storm Center.

I would not interrupt my blog about this if I didn't think this was a biggie.

There is an unofficial patch from eEye. I recommend installing it until Microsoft gets its act together.

Get it at http://research.eeye.com/html/alerts/zeroday/20070328.html .

Otherwise, have a Shabbat Shalom!