Revenge of the Worms?
It's been a while since we've had a massive worm outbreak, but the potential for such an occurrence has increased significantly over the weekend with word that a wormable exploit has been made available for the recent animated cursor vulnerability in Windows.
Microsoft has issued several status updates over the past few days via the Microsoft Security Response Center (MSRC) blog, including the news that they will be releasing a special off-schedule fix for this vulnerability on April 3rd (which is one week shy of the normal patch release day).
Because of the criticality of this vulnerability and the various editions of Windows that it affects (including SP2 for Windows 2003 and 64-bit XP), it is highly advisable that every effort be made to test and deploy the patch as soon as it becomes available tomorrow. Other mitigation efforts include the following:
- Reading email in plaintext (especially if using Outlook)
- Stop using Outlook Express, which is vulnerable even in plaintext mode
- Keeping your host-based security tools (such as AntiVirus) up-to-date
- Employing web content filtering tools
- Deploying network-based IPS products
- Engage in safe browsing/email activities, such as avoiding unknown links
The situation is deemed critical enough that several security threat analysis teams have raised their alert levels on account of this threat, including both SANS Internet Storm Center and Symantec DeepSight.
If you'd like to get a bit more information about what is being referred to as the ANI vulnerability, then check out the following:
Be advised that although the bulletins discuss Windows 2000 SP4 and later as being affected, it is highly likely that previous version of Windows -- which are currently unsupported by Microsoft -- are also affected. Users of these older operating systems should consider the use of the unofficial, non-Microsoft patches below:
Please be alert for any updates to these bulletins...