Microsoft Plans Out-of-Cycle Patch for Zero-Day Flaw -- Redmondmag.com

Microsoft Plans Out-of-Cycle Patch for Zero-Day Flaw

By Stephen Swoyer
04/02/2007

We still don't know all that much about the scope of the vulnerability in Microsoft's Windows Animated Cursor handling implementation, but -- based on Redmond's responsiveness thus far -- it seems like a doozy.

Microsoft has thrice updated its original security bulletin first released Thursday, and researchers at the Microsoft Security Response Center (MSRC) have updated the MSRC blog on several occasions, too.

The company now plans to release an out-of-cycle patch for the flaw tomorrow, although "it’s possible that we will find an issue that will force us to delay the release," wrote MSRC researcher Christopher Budd in a blog post yesterday.

The MSRC on Thursday confirmed the existence of "very limited attacks." By Saturday, however, Budd acknowledged that the number of attacks had escalated.

"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code," Budd wrote. The vulnerability affects all versions of Windows -- including Windows Vista, Microsoft confirms.

Redmond's regular Patch Tuesday festivities are scheduled for April 10. A number of factors -- escalated attacks, proof-of-concept code -- prompted Microsoft to release an out-of-order update. There are other concerns, too: The Associated Press reports, via security researcher McAfee, that a posting on a Chinese hacking forum indicates that additional hackers plan to start exploiting the vulnerability, too.

Elsewhere, the AP cites speculation, attributed to researchers at VeriSign Inc.'s Defense labs, that Chinese hackers plan to use the vulnerability to steal (and subsequently sell) information pertaining to the World of WarCraft video game.

Microsoft's patch, should it appear tomorrow, won't be any rush job, Budd promised. "I'm sure one question in people's minds is how we're able to release an update for this issue so quickly," he wrote. "[T]his issue was first brought to us in late December 2006 and we've been working on our investigation and a security update since then. This update was previously scheduled for release as part of the April monthly release [next week]. Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.