Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Chris Wood PatchLink Director ANZ comments about Microsoft issuing patch a week ahead of its monthly Patch Tuesday

  • 05 April, 2007 17:21

<p>Microsoft today issued a patch, a week ahead of its monthly Patch Tuesday, for a vulnerability in Microsoft Windows identified in March, which relates to animated cursor (.ani) files that allow hackers to attack users browsing un-protected Web sites.</p>
<p>Chris Wood, Director of ANZ comments: "Since the exploit code has been released and there are multiple reports of active exploits in the wild, organizations should take this out-of-cycle patch very seriously. It is critical that IT administrators take the recommended security measures, including enforcing text email policy, turning off preview capabilities in emails, and eliminating visits to unknown/un-trusted Web sites. Users are advised to prioritise this patch when it is released as the virulence of the ANI exploit has raised the seriousness of this vulnerability and the level of risk to users, which is why this has had to be a released a week early. The patch will fix how Microsoft Windows handles ANI files by preventing remote code execution.</p>
<p>"Because this is an application-based vulnerability it can affect a wide range of operating systems including Vista. Hackers would have been able to construct a malicious cursor which would allow remote code execution. As general policy, users should be wary if they receive an email asking them to visit an unknown website.”</p>
<p>“While third-party vendors such as eEye and ZERT Group have made an unofficial fix available, PatchLink recommends that organizations wait for the official patch from Microsoft, which should become available tomorrow. Deploying third-party patches is risky and as the official patch vendor, Microsoft has a specific knowledge and understanding of the underlining code.”</p>
<p>“While PatchLink recommends that customers quickly deploy the patch using a phased rollout across their organization, it is important that they first test the patch against mission-critical applications.”</p>
<p>Note To Editor</p>
<p>if you would like more information or if you would like to set up an interview with Chris Wood, please contact Sarah on 02 9212 3848 or visit sarah@kinetics.com.au</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release