Security Watch

Keeping Track of patches and hacks in the IT security world.

Windows ANI Workaround Updated as Exploit Mutates

eEye has updated its workaround for the Windows animated cursor flaw—a flaw that some are claiming is responsible for the first real remote code execution exploit on Vista.

The update was released in response to a variant on the original attack that bypasses the security firm's original workaround patch.

The updated eEye patch is available here.

eEye's workaround is temporary, meant to tide users over until Microsoft comes out with its official patch. Microsoft has jumped its regular patch schedule to release its fix for the ANI flaw and will deliver that patch on Tuesday, April 3.

Microsoft managed to rush the patch out only after McAfee made it public last week. Microsoft has made it clear that it has known about the flaw since December. The company over the weekend posted a list of answers to frequent ANI-related questions it has been receiving, one of which said that the company was first alerted to the Windows animated cursor vulnerability on Dec. 20 by a security researcher at Determina.

In Microsoft's statements regarding the ANI attack, the company has grumbled about irresponsible disclosure: a not-too-well-hidden rebuke to McAfee.