Microsoft Patches .ANI Flaw, But More Attacks Expected - InformationWeek


Microsoft released a security update to fix seven vulnerabilities, but security researchers expect the .ANI attacks to continue.

Even though Microsoft released a patch on Tuesday for the critical .ANI vulnerability, security researchers say the exploit attacks are expected to get much worse before they begin to get better.

The patch, which was released a week ahead of Microsoft's monthly Patch Tuesday schedule, fixes the way Windows handles malformed animated cursor files. Microsoft had planned on releasing the patch on schedule next week, but pushed it out a week early because of the wave of exploits that are showing up.

The security update doesn't just patch the .ANI vulnerability, but fixes a total of seven vulnerabilities, ranging from a WMF denial-of-service bug to three elevation-of-privilege bugs.

Dan Hubbard, a senior director of research at Websense, said in an interview that analysts there have found more than 700 Web sites that are spreading the .ANI exploit. Researchers have found an exploit being sent out in a spam campaign, and automated root kits are popping up online to let even unsavvy hackers build their own exploit malware.

All of this malicious activity isn't going to die down because Microsoft issued a patch, said Craig Schmugar, a threat researcher with McAfee, in an interview. "Getting the patch out early definitely was the right call to make," he said. "There's been a big uptick in exploit activity. It'll get worse. The release of a patch is not the end of the issue. Now that root kits are posted publicly, more and more hackers will find them and this will just get worse."

He added that this could remain an ongoing issue as researchers frequently find working exploits that are a year or two old.

In the 24 hours between Monday and Tuesday mornings, the .ANI exploits became the most detected piece of code coming out of Asia, Schmugar said. Globally, it went from outside of the top 20 to the No. 6 position. He added that he "has no doubt" it will become the most utilized exploit around the world in a week or two.

Even though Microsoft released a patch, it will take some time for consumers and enterprises to install it, and some will take a lot more time than others, said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, in an interview. That, he noted, will give the hackers plenty of time to continue their assault.

Both Microsoft and the SANS Institute are recommending that users download the patch immediately.

The .ANI vulnerability lies in the way Windows handles animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all the recent Windows releases, including the new Vista operating system. Internet Explorer is the main attack vector for the exploits.

Users are being infected after visiting a malicious Web page that has embedded malware designed to take advantage of the flaw. They also can be infected if they open a specially crafted e-mail message or if they open a malicious e-mail attachment sent by a hacker.

Microsoft was alerted to the vulnerability on Dec. 20 by Alexander Sotirov of Determina Security Research. Mark Miller, director of the Microsoft Security Response Center, said in an interview Monday that they began working on a fix immediately. The patch, though, did not come out before exploits began showing up in a flurry of malicious code last week.

Miller said the company needed the three-plus months to work on building and testing a good patch, adding that slightly fewer than 100 Microsoft technicians have been working on the fix since last week.
