Security Watch

Keeping Track of patches and hacks in the IT security world.

Workaround Out for Windows ANI Zero Day

eEye Digital Security's Research Team has released a workaround for the zero-day Windows animated cursor vulnerability that McAfee discovered earlier in the week. Microsoft as of yesterday still hadn't come up with a patch or workaround for the ANI files vulnerability, which eEye called "one of the most potent zero-days recorded" by the security company's Zero-Day Tracker.

"Since the vulnerability lies within Windows and is exposed by countless applications, exploit vectors are plentiful for attackers to launch reliable attacks against user32.dll," eEye said on its site.

Researchers at McAfee as of yesterday had found the vulnerability only on Windows XP SP2 systems running IE 6 or IE 7 browsers.

eEye noted that users who had already installed its free Blink Neighborhood Watch integrated client security software were already protected against the ANI zero day due to its generic intrusion prevention system.

eEye Research has released a patch to mitigate the vulnerability for those users without Blink Neighborhood Watch, until Microsoft releases a patch. eEye said that its patch has successfully disabled all attack vectors from exploiting users while not causing a disruption in normal use. eEye stipulated that this workaround should be used for temporary mitigation and isn't meant to replace Microsoft's forthcoming patch.

The patch as well as technical information can be found here.