Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft

Microsoft

McAfee Kills Vista

And also Windows XP SP2 and Windows 2000 SP4

By Marius Oiaga, Technology News Editor

4th of April 2007, 13:42 GMT

Adjust text size:



Enlarge picture
Microsoft has issued an out-of-band security update addressing a Pleiades of vulnerabilities in GDI, including the now infamous critical flaw in Windows Animated Cursor Handling. Microsoft Security
Bulletin MS07-017 addresses the whole range of GDI vulnerabilities affecting Windows 2000, Windows Server 2003, Windows XP and Windows Vista. While not downgrading the severity rating of the .ANI file format handling vulnerability in Windows Vista, the Microsoft Security Response Center pointed out that the operating system has a few Mitigating Factors that contribute to the reduction of the impact of the vulnerability.

"Attacks against this vulnerability affect all supported versions of Windows and Windows Server, including Windows Vista, and have been web-based and e-mail based. If you are using Windows Vista, the Internet Explorer 7 protected mode provides additional protections against web-based attacks. Also, if you're using Outlook 2007, you're protected against e-mail based attacks. And running as a standard user further protects you by limiting the attacker's code with the same limitation on the logged-on user," Christopher Budd, an MSRC Security Program Manager pointed out.

McAfee however does not feel the same. In the first video embedded at the bottom, you will see yet another cinematic adventure courtesy of McAfee with Windows Vista in the lead. "There has been some confusion around whether or not Vista is vulnerable to remote code execution. I've posted this video to demonstrate this case. Here, with DEP enabled (default settings), and IE7 running in protected mode, you will see a proof of concept in action," stated Craig Schmugar, virus research manager at McAfee's Anti-Virus Emergency Response Team Labs.

Pedro Bueno, also from McAfee's Anti-Virus Emergency Response Team Labs, is the author of the second video detailing the creation of a malicious .ANI file for Windows XP SP2 and Windows 2000 SP4.



TAGS:

 Windows Vista | .ANI | Windows Animated Cursor Handling


Rating:
Fair (2.6/5) 6 vote(s) so far    

Read by 1,879 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Windows Vista Wide Open to StickyKeys Backdoor

Windows Vista - to Do or Not to Do, Security?

Windows Vista, 90-Day Vulnerability Report

Attackers Can Potentially Run Malicious Applications on Windows Vista

When Windows .ani Files Attack

Windows Vista Suicide, Courtesy of McAfee

Microsoft Knew About the Critical .ANI Vista Vulnerability Since December 2006

Windows Vista Is Hard As a Rock

A Windows Vista Zero-Day Is Pure Gold

When Malware Attacks Windows Vista

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive