RSSMicrosoft Patches Windows Cursor Flaw
By Nate Mook | Published April 3, 2007, 3:01 PM
As expected, Microsoft has released security update MS07-017, which patches a critical vulnerability in Windows Animated Cursor Handling. The company says it was working on the fix since December, and has posted it early due to reports of attacks.
The problem is similar to one discovered in early 2005, which did not apparently affect Windows XP Service Pack 2. The new vulnerability came to light in December, but an exploit taking advantage of the flaw surfaced only last week.
McAfee's Avert labs noted that the problem impacted XP SP2 and Windows Vista, as well as Windows 2000 SP4 and Windows Server 2003. Microsoft's Security Response Center jumped into action and confirmed the vulnerability shortly thereafter, promising a swift resolution.
A video of the incident shows a Vista system wherein the test file apparently trying to load the custom animated cursor. When the operating system detects a crash, it first tries to save vital data prior to a restart sequence - one of Vista's newer features. It then informs the user that Windows Explorer has crashed.
But in trying to restart Explorer, the restarting crashes itself, sending Vista into a tailspin from which the only escape appears to be the off button.
Although MS07-017 has been released separate from its usual "Patch Tuesday" cycle, Microsoft claims the update was already scheduled for April 10, so moving it up one week is not that difficult of a task - a point ostensibly made to emphasize that customers should not expect similar turnaround on security patches in the future.
"Based on customer feedback and our teams’ ability to complete testing in an expedited manner by working around the clock, we’ve gone ahead and released this update early to help better protect customers from this threat," wrote Microsoft security researcher Christopher Budd in a blog post.
"We are encouraging customers to test and deploy this update as quickly as possible as well as ensure that you have the latest signatures and updates for your security products such as antivirus."
Budd added that Microsoft is not canceling its monthly security release scheduled for April 10, which the company will provide advance notification for on Thursday.
How much you want to bet this early fix breaks a few more things in the OS!
Score: 0
|lmfao
I hope that cursor was a dancing penguin
Score: 0
|Daddy_Spank,
Reading comprehension not one of your strong points?
"As expected, Microsoft has released security update MS07-017, which patches a critical vulnerability in Windows Animated Cursor Handling. The company says IT WAS WORKING ON THE FIX SINCE DECEMBER, and has posted it early due to reports of attacks. Based on customer feedback and our teams’ ability to complete testing in an expedited manner by WORKING AROUND THE CLOCK, we’ve gone ahead and released this update early to help better protect customers from this threat," wrote Microsoft security researcher Christopher Budd"
Score: 0
|However, that does not say around the clock since december.
Score: 0
|They claim they worked around the clock since DECEMBER to fix one single bug? lol are microsoft only hiring crap coders or what?
Score: 0
|Read the article. Nobody said anyone worked around the clock SINCE December.
Score: 0
|Think you capitalized the wrong word, should have been "around the clock" I'm sure. It does say "since".
Score: 0
|Its pretty funny to know whatever microsoft does, there is always gonna be some wise guys here posting garbage about it no matter what. Childish. Learn to enjoy what there is to enjoy. If you hate windows so much, use another OS, nobody forced you to use windows.
But the way some of you are writing just reminds me of a girl who cant get over her exboyfriend. Grow UP!!!
Score: 0
|RTHDCPL.EXE - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not
run properly. The relocation occurred because the DLL
C:\WINDOWS\system32\HHCTRL.OCX occupied an address range reserved for
Windows system DLLs. The vendor supplying the DLL should be contacted for a
new DLL.
If you have read that immediatly after installing and rebooting your
computer from the latest Microsoft Security fix, all you have to do is go to
your Control Panel, then to Add/Remove Programs, make sure updates is
checked and uninstall the fix, the problem will go away but it does leave
the need for a security fix still open.
This is related directly to Microsofts development regarding the "never
ending shell crash" in all Microsoft Windows systems. That was spurred on
by the discovery that an animated cursor could leave your Windows operating
system open to hackers.
Score: 0
|http://support.microsoft.com/kb/935448/
Score: 0
|This issue is only for people who have RealTek HC audio. There is already a work around for this known issue. The issue has to do with the Realtek dll using the same address space as the new patch. I don't know if realtek used address space that microsoft already reserved for windows systme dll's but had not used or if micro$oft decided to use another address, then make other move their dll's. Either way, you can download the work-around from microsofts web site. MS-07-017 has a kb article at http://support.microsoft.com/kb/925902. There is also a likn to another kb that goes into more detail and the workaround. You can find this at http://support.microsoft.com/kb/935448/.
Score: 0
|I have also experienced this problem on my AMD PC but the patch worked fine on my Intel PC. It may be possible that this problem is limited to AMD PCs?
Score: 0
|Thank god... downloaded it today.. works great.
Score: 0
|That ani crash was a plaguing problem for you huh?
Score: 0
|*LMAO*
Since December? They sure take their sweet time on fixing things...
Score: 0
|"Based on customer feedback and our teams’ ability to complete testing in an expedited manner by working around the clock, we’ve gone ahead and released this update early to help better protect customers from this threat"
They take every oportunity they can i even the most ridiculous ones to praise themselves. Amazing PR department, MS. Even the Security Researcher is finely trained on carryng on the b*llsh*t.
Vista Goliat defeated by Cursor David.
Score: 0
|I'm sure they worked around the clock since end of December (when they discovered it) to patch this.
Nope, they waited until exploits.
Score: 0
|yeah, it was like, "we know the issue is there but we'll put that on hold until someone exploits it. That way we can say we've been working on it for a while! Muahahaha!!!"
Score: 0
|>But in trying to restart Explorer, the restarting crashes itself, sending Vista into a tailspin from which the only escape appears to be the off button.
I use Windows a lot. I actually like Windows, or at least I mostly like it. But I have to say that Explorer has consistently been the most horrible piece of Microsoft software for the last 12 years.
Glad to see it's still on target.
Score: 0
|You mean the shell, right? They aren't talking about the browser.
In either case, I agree. Windows may be more reliable than previously, but too many programs (adobe 7 and corrupt PDF's comes to mind) can still easily take out the shell, which can also impact windows itself.
Score: 0
|I'm talking about the shell. I haven't used IE regularly in about 3 or 4 years.
Explorer is better than it was in Windows 2000 where it would regularly lock up or crash on me within an hour of installing Windows, but it's still buggy, easy to lock up or crash, and hasn't had any significant new functionality in about 7 years.
Score: 0
|