NEWS FROM THE LAB - Friday, March 30, 2007

Update on ANI Exploit Posted by Mikko @ 15:09 GMT

The Windows Animated Cursor Handling vulnerability – CVE-2007-1765 – is out there although we aren't getting a huge amount of customer reports. However, do be cautious over the weekend. The bad guys will be trying their best to use this exploit before Microsoft releases a patch.


Current testing indicates that this is mainly an Internet Explorer and Outlook issue. So we'd suggest using something else.

SANS Internet Storm Center has good information on mitigations and domains to block.