Windows Vista Held Its Own Against .ANI Attacks

Microsoft's latest operating system managed to hold its own against attacks targeting the Windows Animated Cursor Handling vulnerability publicly disclosed as the beginning of April, 2007. Mikko Hypponen, F-Secure Corp. Chief Research Officer attending InfoSecurity Europe in London told the IDG News Service that Windows Vista came under fire from attacks aiming to exploit the .ANI file format vulnerability.

Hypponen revealed that F-Secure detected a couple of exploits that were designed especially for Windows Vista. However, the mitigations set in place by Microsoft functioned to the extent where the operating system made it without a scratch, in the examples offered by F-Secure.

Despite the fact that Windows Vista featured additional protective barriers helping mitigate the impact of the .ANI file format handling vulnerability, Microsoft did not reduce the severity level of the vulnerability. The Redmond Company resolved the problem on April 3 with the release of an out-of-cycle security patch for the Windows Animated Cursor Handling vulnerability.

Hypponen emphasized the fact that the attacks detected against Windows Vista proved to be ineffective. The exploits were aimed at bypassing Vista's Address Space Load Randomization (ASLR) security feature that was labeled by Symantec as a potential security liability.

A Microsoft representative commented that the company did not detect any attacks directed at ASLR associated with the .ANI vulnerability. However, the Redmond Company, through the voice of Roger Halbheer, Microsoft's chief security advisor for Europe, the Middle East and Africa, welcomed proof that ASLR is doing its job. The .ANI exploits were among the first attacks on Windows Vista, but as the operating system becomes increasingly adopted, the trend will also generalize.