USLANMAM

(Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın) - With online criminals exploiting an unaaaaaed flaw in Windows security vendor eEye Digital Security:-)has come forward with an unofficial fix for the problem.
The Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın published early Friday fixes a bug in the way Windows processes Animated Cursor files which are used to create cartoon-like cursors in Windows. Security researchers at McAfee first reported the bug on Wednesday evening saying that it has been used in Web-based attacks.
Microsoft has said that it will eventually fix the problem and it generally recommends that users avoid this type of third-party fix for its products. But in the past similar aaaaaes from eEye and others have been downloaded by tens of thousands of Windows users unwilling to wait for Microsoft's updates.
Microsoft's next set of security aaaaaes are due April 10 but the software giant has not said whether or not that release will include a fix for the Animated Cursor problem.
Security vendor Determina:-)said it informed Microsoft of the problem in December. "Microsoft fixed a closely related vulnerability with their MS05-002 security update but their fix was incomplete" Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın on its Web site.
Several Web sites including two hosted in China are now serving attack code that exploits the bug but this flaw is particularly worrisome because it also affects Microsoft's e-mail clients.
In a Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın on Thursday Microsoft Security Response Center Program Manager Adrian Stone said that Outlook Express users are vulnerable to the bug even if they are reading their e-mail in plain text.
Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın to read mail in plain text format but says that Outlook 2007 users are protected even if they are not doing this.
According to eEye Chief Technology Officer Marc Maiffret Microsoft should have caught the problem two years ago when his company first reported the bug that was aaaaaed in the MS05-002 update. "They fixed the bug we discovered back in '05 but during their standard bug report code audit they missed an area... where identical code was used with an identical vulnerability" he said via instant message. "It is hard to say how long people have been exploiting this in the wild due to the similar nature of the bugs."
Microsoft representatives could not immediately be reached for comment.
:-)


Linkleri Üyelerimiz Görebilir. UslanmaM Üyeliği İçin Tıklayın