Send Windows to Nirvana with an animated cursor

One of the many disadvantages of every new version of Windows is that the operating system seems to become bloated and filled with features that no one really wants or needs.These new features that Microsoft adds to the system may also be the cause for new security vulnerabilities that were not an issue in previous versions of the operating system.

Instead of concentrating on creating a fast efficient system, it appears as if Microsoft tends to add features to the system that may look great but have no value whatsoever to the user.

Recently a vulnerability in Windows Animated Cursor Handling was discovered. In order for this attack to be carried out, a user must either visit a Web site that has been created to exploit the vulnerability, or view a specially crafted e-mail message or mail attachment on affected operating systems.

You may be interested which Windows editions are effected and which are not. It would also be nice to know if your browsers and e-mail clients are vulnerable and can be used to exploit the system.

Vulnerable are Windows Vista, Windows XP SP2 and Windows 2000 SP4. Several other Microsoft operating systems are affected as well like Windows Server 2003.

What may be even more troublesome is that the vulnerability can be exploited in silent in the background, without the user knowing what is happening.

Take a look at the demonstration video below. It shows how Windows Vista enters a endless Crash-Restart loop caused by a malicious ani file which was dropped on the desktop. Attacks will most likely occur over the Internet.

A security company has released a temporary fix for the solution until an official Microsoft patch gets released.

Update: Microsoft has since then patched the vulnerability, so that all recent versions of Windows should be safe from exploits targeting the vulnerability. Windows users can download and install the patch via Windows Update, or from the official Microsoft Download Center.

Advertisement