Microsoft Patches Windows Vulnerability

Microsoft Corp. released an emergency security patch Tuesday to plug a hole in several versions of Windows

(Seattle) Microsoft Corp. released an emergency security patch Tuesday to plug a hole in several versions of Windows -- including Vista, which the software maker has touted as its most secure operating system ever.

Microsoft was so worried about the hole -- which allowed hackers to break into personal computers and install malicious software -- that it pushed out the critical security fix a week ahead of a regularly scheduled update.

The Redmond-based software company told customers last Thursday about a vulnerability in ".ani" files, which are used to change the cursor into an hourglass while a program works, or into a dancing animal or other animation on specially designed Web sites. Security experts said the hole was actively being exploited by hackers to install keystroke-logging programs.

Ken Dunham, director of the rapid response team at iDefense, the research division of VeriSign Inc., said a group of Chinese hackers was using the security hole to steal and sell log-ins to the popular "World of Warcraft" multiplayer computer game.

Microsoft said it has known about the vulnerability since December.

Users surfing the Web were the first targets, security experts said.

The Microsoft patch "will be a significant milestone in this attack," Dunham said. However, as businesses take time to test and implement the patch, and consumers delay downloading it, hackers will still be at work.

Customers whose Windows computers aren't set to automatically install critical patches can download the security update, MS07-017, from Microsoft's Web site.


  • Office Mobile Apps To End as Microsoft Highlights New Office App

    Microsoft plans to end support for Windows 10 Mobile applications on Jan. 12, 2021, according to a Friday announcement.

  • Is Microsoft Finally Reinventing Office?

    Microsoft is testing out a new technology called "Fluid Framework." It could mean that Brien's dream of one Office app to rule them all might soon become reality.

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.