Slashdot Mirror


Windows Vulnerability in Animated Cursor Handling

MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."

10 of 338 comments

  1. Why would my cursor run as root? by Dr. Zowie · · Score: 5, Insightful

    Huh? This boggles the imagination. I would have thought they'd have learned about security rings while rebuilding their entire OS from the ground up (as Longhorn was reputed to do).

    1. Re:Why would my cursor run as root? by 644bd346996 · · Score: 4, Insightful

      What part of "Successful exploitation allows execution of arbitrary code." do you not understand? This is a hole that lets crackers do a lot more than crash your computer.

    2. Re:Why would my cursor run as root? by 644bd346996 · · Score: 4, Insightful

      Sure, but this is still a zero-day exploit for everybody who hasn't upgraded to Vista, and everybody who hasn't turned on IE7 Protected Mode. (The MS website seems to imply that IE7 Protected Mode is not the default). That leaves at least 95% of the installed base of desktops vulnerable.

    3. Re:Why would my cursor run as root? by Locutus · · Score: 4, Insightful

      You think that's bad, there was another security flaw in the mouse code announced over 15 months ago (Jan 05). They patched that but never examined the code for other exploits. I mean really, if you've got SOOO much freaking legacy code, you'd at least want to be refactoring what you have to touch because of bugs or, for example, security holes.

      http://www.checkpoint.com/defense/advisories/public/2005/cpai-2005-06.html

      But, the great minds at Microsoft and their Trusted Computing efforts appear to be spending more time on marketing and public relations and less time on even attempting to make a better product. It's bad enough that the mouse code is an attack vector but to just put a band-aid on it and send it right into the Windows Vista product is just plain bad.

      Remember, Vista was said to be the most secure operating system available. Not the most secure version of Windows but the most secure operating system. And yet they are letting relatively small bits of code like this mouse code get through their masterful security techniques. Well, I guess that is why they've decided their security system will be based on a billion sandboxes instead of a secure model for the whole... What a joke.

      LoB

      --
      "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
  2. This old? by LinuxGeek · · Score: 4, Insightful

    With exploits as old as this one, it makes me wonder just how many high level hackers/crackers have used this in silence over the years. It could pay very well to keep exploits such as this one silent for as long as possible.

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:This old? by truthsearch · · Score: 4, Insightful

      This is a perfect example of how using Microsoft's official list of exploits is a mostly meaningless metric to determine how secure the OS really is. It gives no indication of security holes being secretly exploited for years.

    2. Re:This old? by LilGuy · · Score: 4, Insightful

      If it were true that this was exploited for years, why would it come out now? Has something even better been found and thus this one can be trashed?

      --

      You're nothing; like me.
  3. Re:What's to investigate? by rbochan · · Score: 4, Insightful

    ...Really, who uses animated anything on their desktops? It is always a performance hit. I completely disable all active desktop features immediately before using a computer with MS Windows installed...

    That's fine for you, but have you seen an average consumer machine recently? Everything from animated wallpaper to rotating slide shows to OMGPONIES!!!!!! themes get installed - usually via Active X.
    You _are not_ the average user - the statement you made above proves that. The 'average joe' thinks his computer is an appliance, like a toaster, because Bill Gates tells him it is.

    --
    ...Rob
    The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
  4. Re:goddam hackers by Just Some Guy · · Score: 4, Insightful

    Guess you are STILL a Computer Scientist student. If you are doing something that has no impact on security (this is image processing dammit) the value of your software is in what it does, not in how it resists every possible abuse.

    I was going to try to be calm and rational about this, but screw it.

    It's that kind of piss-poor attitude by jackass codemonkeys that causes these stupid, avoidable problems. If you aspire to be a programmer, quit now. You are not suited for it, and the best you can hope for is working in the field for a few years before your coworkers stab you to death in the parking lot (and no one will see a thing).

    You can either approach every single line of code you write by asking how it will be attacked, or you can write an OS that can be compromised by a damn mouse pointer. There is no in between. All the hoping and wishing and "gee whiz golly, no one would want to hack my code!" Pollyanna naivete in the world won't change it.

    Seriously. Quit before you break something.

    --
    Dewey, what part of this looks like authorities should be involved?
  5. Un-fragging-believable! by mmell · · Score: 5, Insightful

    Y'know, if you'd told me that M$ rolled out their new WindowsFS and it had a vulnerability or two, I'd be amused. Not surprised, not shocked, amused. New and exciting technologies rarely work correctly the first time they're tried.

    If you told me it was in the Aero "glass" interface, I'd be more amused. Not that the eye-candy is worth exposing a machine to security risks, but the new interface could improve user efficiency, or be a step in that direction - I'll accept the risk presented as a step along the way to a better interface.

    If it was something in the kernel or one of the system utilities, I'd accept that. Hundreds of executables, thousands of source files, millions of lines of code - sure, I can see somebody missing a bug in "ipconfig" or something like that - happens to every OS eventually.

    The vulnerability has to do with handling animated mouse cursors?!? Uh, how the )$(*% do you screw up mouse event handling badly enough to permit an OS exploit? Just how important are animated mouse cursors to the end-user experience? Important enough to risk OS/system stability and integrity to have a spinning hourglass?

    I'll say this for Redmond - this vulnerability certainly has a huge "Wow" factor in my opinion. It's all about the "Wow", you know . . .