Microsoft released a security advisory regarding the vulnerability in Microsoft Windows Animated cursor, McAfee reported on Wednesday. McAfee had earlier noted a proof of concept on the message boards but only recently found a drive-by exploit in which a Trojan was being silently slipped onto visitors’ machines.
A company spokesperson said that for the attack to be carried out, users have to visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted HTML e-mail message sent to them by an attacker.
McAfee didn’t have any suggestions for a workaround as of this morning, and it seems that Microsoft at this point is scratching its head as well.
The company’s security advisory is now giving users generic best practice advice on exercising caution when opening or viewing unsolicited e-mail and e-mail attachments, whether from known or unknown sources. Microsoft also noted that it’s added detection to the Windows Live OneCare malware scanner, but that might be cold comfort, considering that 1) Live OneCare was eating entire mail stores earlier this month and 2) Live OneCare isn’t doing too hot in anti-virus comparatives. The most recent one I’ve seen is the one done by AV-comparatives, which Windows Live OneCare actually flunked. And yes, it was the only AV to flunk.
Microsoft promises to also “actively share information” with Microsoft Security Response Alliance partners to get their detection up to date. If you think you’ve been hit by this one, Microsoft says call Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International customers can look to their local Microsoft subsidiaries for support.
Microsoft and McAfee are keeping an eye on the situation and will update us when they know more.