Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows Vulnerability in Animated Cursor Handling

Zonk posted more than 7 years ago | from the mind-those-hilarious-icons dept.

Microsoft 338

MoreDruid writes "Secunia reports a vulnerability in Windows Animated Cursor Handling. According to the linked article, the rating is "extremely critical". Microsoft has put up their own advisory on the subject, confirming this is a vulnerability that affects Windows 2000, XP, 2003 and Vista. The exploit has already been used in the wild. From the Secunia page: The vulnerability is caused due to an unspecified error in the handling of animated cursors and can e.g. be exploited by tricking a user into visiting a malicious website using Internet Explorer or opening a malicious e-mail message. Successful exploitation allows execution of arbitrary code."

cancel ×

338 comments

Sorry! There are no comments related to the filter you selected.

First Pwndst (2, Insightful)

Anonymous Coward | more than 7 years ago | (#18542477)

So much for Vista being secure from the ground up!
 

Re:First Pwndst (3, Insightful)

Luscious868 (679143) | more than 7 years ago | (#18542547)

So much for Vista being secure from the ground up!
Vista is secure from the ground up ... just so long as your running it in a VM on some other OS.

Re:First Pwndst (5, Interesting)

Anonymous Coward | more than 7 years ago | (#18543281)

It was. The vulnerability still affects Vista, but due to the different security subsystem the exploit can't really do anything. It sits stuck in a "protected mode" IE7 instance which can't do anything, not even fuck with the current user's profile. The exploit is effectively contained at that point.

Even if the user were to download the cursors and run them locally the effect would be minimized because, by default, a user, even a member of Administrator, is jailed. The user's profile would be vulnerable at that point, but system stuff would not be.

You can't stop vulnerabilities, but you can mitigate the result, and Microsoft has actually done a really damned good job at this in Vista.

Re:First Pwndst (1)

present_arms (848116) | more than 7 years ago | (#18542573)

According to the BBC Vista and IE7 are immune to the attack

Security firms said users can stay safe from this vulnerability by using an alternative browser, such as Opera or Firefox 2.0, with Windows. Also protected are those using Windows Vista with Internet Explorer 7.0.
All The Best Your Friendly Linux User Alie

Re:First Pwndst (1, Informative)

Anonymous Coward | more than 7 years ago | (#18542641)

'With', not 'and'. In other words, IE7 on XP could still be vulnerable, or Vista could by opening the cursor file through some non-IE7 means.

FIrefox? (1)

leuk_he (194174) | more than 7 years ago | (#18542893)

Is Firefox vulnerable? Or does FF not support animated cursors? Or did it required click to download/view some file in the first place?

Re:First Pwndst (1, Informative)

Anonymous Coward | more than 7 years ago | (#18542649)

Vista w/ Windows Mail seems to be vulnerable.

Why would my cursor run as root? (5, Insightful)

Dr. Zowie (109983) | more than 7 years ago | (#18542479)

Huh? This boggles the imagination. I would have thought they'd have learned about security rings while rebuilding their entire OS from the ground up (as Longhorn was reputed to do).

Re:Why would my cursor run as root? (1, Interesting)

The MAZZTer (911996) | more than 7 years ago | (#18542541)

It doesn't run as root, it can run in any security context. This exploit just crashes explorer, it doesn't crash Vista. However this is still a problem for Joe Average, who won't know what to do when explorer goes into a crash-restart-crash loop.

Re:Why would my cursor run as root? (4, Insightful)

644bd346996 (1012333) | more than 7 years ago | (#18542767)

What part of "Successful exploitation allows execution of arbitrary code." do you not understand? This is a hole that lets crackers do a lot more than crash your computer.

Re:Why would my cursor run as root? (5, Funny)

Anonymous Coward | more than 7 years ago | (#18542987)

What part of "Successful exploitation allows execution of arbitrary code." do you not understand?

Successful.

Re:Why would my cursor run as root? (5, Funny)

spun (1352) | more than 7 years ago | (#18543241)

Microsoft's advisory says that IE7 runs in protected mode in Vista, thus it is "protected from currently known web based attacks" and the exploit can only crash the browser not execute arbitrary code. It's in the "Mitigating Factors for Animated Cursor Vulnerability" section.

"In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user or system files and settings without user consent." -- From the Windows Vista: Features Explained site.

Unless of course the user has been driven insane by all the "Cancel or Allow?" questions and would readily click "Allow" even in a dialog box asking, "Your computer would like to strangle you with its power cord. Cancel or Allow?"

Re:Why would my cursor run as root? (4, Informative)

FreshMeat-BWG (541411) | more than 7 years ago | (#18543179)

Who cares if it runs as root or not? It really doesn't make too much of a difference except on a multi-user system. I don't care about my OS installation--that is easy to do again. What I do care about is my data. Deleting or corrupting files in my user profile directory (C:\Documents and Settings\user\* or /home/user/* -- take your pick) is digital death for me (assuming a backup will not restore properly or new data hasn't been backed up yet).

It seems like every time someone comments about a security hole on Slashdot the response is along the lines of "Well, if this doesn't result in a root exploit, it isn't all that bad". If you agree with that statement, then go ahead and issue "rm -rf ~".

Computers input, store, manipulate, and output data. My data is important to me. Arbitrary code execution regardless of whether in my user context or a context with superuser privileges is a threat to that data.

Surprise, Windows Listed as Most Secure OS (5, Funny)

ballmerfud (1031602) | more than 7 years ago | (#18542493)

Surprise, Windows Listed as Most Secure OS [slashdot.org] ... just don't move the mouse.

Re: Surprise, Windows Listed as Most Secure OS (4, Funny)

CoolVibe (11466) | more than 7 years ago | (#18542537)

Surprise, Windows Listed as Most Secure OS [slashdot.org] ... just don't move the mouse.
and pull the network plug out while you are at it. More security :)

Re: Surprise, Windows Listed as Most Secure OS (1)

rblancarte (213492) | more than 7 years ago | (#18542645)

Yes, but that is a given with any computer (Linux, Mac or Windows). Hence the saying that the most secure computer is one that is off, not plugged into anything (including a keyboad, monitor or wall outlet) and locked in a vault.

IMHO, while the actual exploit might be new, haven't things like animated cursors always been among things you wanted to avoid due to the malware they come with? This just makes them worse.

RonB

Re: Surprise, Windows Listed as Most Secure OS (1)

morgan_greywolf (835522) | more than 7 years ago | (#18543277)

and pull the network plug out while you are at it. More security :)


While you're at it, pull out the cable attached to the power supply....Windows Vista Ultimate Security! ;)

This old? (4, Insightful)

LinuxGeek (6139) | more than 7 years ago | (#18542495)

With exploits as old as this one, it makes me wonder just how many high level hackers/crackers have used this in silence over the years. It could pay very well to keep ploits such as this one silent for as long as possible.

Re:This old? (4, Insightful)

truthsearch (249536) | more than 7 years ago | (#18542599)

This is a perfect example of how using Microsoft's official list of exploits is a mostly meaningless metric to determine how secure the OS really is. It gives no indication of security holes being secretly exploited for years.

Re:This old? (4, Insightful)

LilGuy (150110) | more than 7 years ago | (#18542687)

If it were true that this was exploited for years, why would it come out now? Has something even better been found and thus this one can be trashed?

Re:This old? (1)

Anonymous Brave Guy (457657) | more than 7 years ago | (#18542837)

That's true, but it's true of any exploit list. After all, how would the list maintainers know if something were secretly being exploited for years?

Re:This old? (1)

truthsearch (249536) | more than 7 years ago | (#18542941)

That's true. My point wasn't specific to Microsoft. I just used them because they're the subject of the post and such an easy target. ;)

Re:This old? (2, Insightful)

rbochan (827946) | more than 7 years ago | (#18542679)

A decade ago it was screensavers... you've come a long way baby...

Re:This old? (1)

AndroidCat (229562) | more than 7 years ago | (#18542813)

A decade ago, it was Comet Cursor. [wikipedia.org] A long way on a hamster wheel doesn't count. (Unless you're on the shuttle...)

Re:This old? (0, Flamebait)

Anonymous Coward | more than 7 years ago | (#18542705)

It could pay very well to keep ploits such as this one

WTF is a "ploit"? Is it really that hard to type those two extra letters?

It's all relative (0, Offtopic)

Headcase88 (828620) | more than 7 years ago | (#18542789)

What the fuck is WTF? Is it really that hard to type those two extra words?

Re:This old? (1)

LinuxGeek (6139) | more than 7 years ago | (#18543269)

WTF is a "ploit"?


A ploit is what happens when you type exploit with a wireless keyboard at the edge of radio range. And then neglect to carefully proofread. Shit, I forgot this is /. and only English majors are allowed, sorry for damaging your retinas.

Re:This old? (1)

Just Some Guy (3352) | more than 7 years ago | (#18542855)

It could pay very well to keep ploits such as this one silent for as long as possible.

What makes you think they didn't?

Re:This old? (3, Informative)

alexhs (877055) | more than 7 years ago | (#18542873)

Also this is not the first flaw affecting animated cursors. I remember having read about that a few years ago. Googling "animated cursor flaw" gets me to 2004-12-29 [windowsitpro.com] .
So, their problems with animated cursors are really old, back to the NT 4 era.

WTF? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18542507)

Can we add the "hahaha" tag to this one? Seriously, another flaw in the freakin mouse pointer? Microsoft's security is a joke. This vulnerability is a disgrace.

oldie but goodie (0)

Anonymous Coward | more than 7 years ago | (#18542529)

I remember reading about this on full disclosure almost 2 years ago.

Re:oldie but goodie (1)

tijmentiming (813664) | more than 7 years ago | (#18542833)

source?

Oblig. (3, Funny)

zlogic (892404) | more than 7 years ago | (#18542531)

In Soviet Russia, cursors pwn you!

Actually (1)

gcnaddict (841664) | more than 7 years ago | (#18542853)

Unfortunately, since cursors pwn you in the US, the statement must be revised (rather ironically) to:

In Soviet Russia, you pwn cursors!

See, since that doesn't exactly work with the other Soviet Russia jokes, there's no reason to post it here. You pwn cursors and cursors pwn you in the US. Now, if we replaced cursors with mice and you with your food, then we have a more appropriate USSR joke.

Correction (2, Funny)

towsonu2003 (928663) | more than 7 years ago | (#18543191)

In Soviet Russia, cursors pwn you!

Correction: In Soviet Russia, you pwn cursors! So you might want to live in Soviet Russia... Sorry.

goddam hackers (1)

Anonymous Coward | more than 7 years ago | (#18542535)

It's becoming real sad to have to think about every abuse in any single program...
I mean, why the hell should you care about how crash your application if you feed it by parameter that should not even happen in a goddam icon animation program !
It's like asking people to live in bunkers in the real world.....
Something really needs to be done about those people. They really have a too good time abusing people when they can be catched because they live in another country its too easy

catchpa:disarm...

Re:goddam hackers (4, Informative)

jellomizer (103300) | more than 7 years ago | (#18542699)

I guess you are not a student of Computer Science.
Every parameter from every possible input needs to be verified for its correctness. If there isn't you need a way of notifying the user or cleanly exiting the system to prevent cascading damage.

The concept is simple actual practice is hard.

A lot of the times these hacks are not found because they were looking for a way to hack the system but the realized there was a problem when they did something wrong but it didn't reutrn errors but had desasterious consequences.

Re:goddam hackers (0)

Anonymous Coward | more than 7 years ago | (#18542919)

Yeah yeah check everything possible, like in an airport right...(see how useful and tiresome it is, same with programs)
Guess you are STILL a Computer Scientist student.
If you are doing something that has no impact on security (this is image processing dammit) the value of your software is in what it does, not in how it resists to every possible abuse.
So yeah it is nice to let the user know why it crashes, but it should NOT be the 'priority'.
It is now sad it has become so because of the impunity the people abusing your program for malware have.
Sometimes because of that, the program to check the data is a hell lot heavier than the useful function itself....sad sad sad...

'A lot of the times these hacks are not found because they were looking for a way to hack the system '
actually yes they were, using programs to feed with bogus data everything in sight and see how it reacts.

funny catchpa:overflow...

Re:goddam hackers (1)

jellomizer (103300) | more than 7 years ago | (#18543047)

That is why I said the concept is simple in practice it is hard. The point is these flaws are due to bad programming. In real world we do bad programming Global Varables, GOTOs, Linear searches on ordered lists, but when we get the problem we need to admit it is bad programming not say well its those nasty hackers fault for making my app do what I didn't want it do do. Image Processing use to be safe, but now with more and more options it is becoming a dangerious thing.

Re:goddam hackers (4, Insightful)

Just Some Guy (3352) | more than 7 years ago | (#18543201)

Guess you are STILL a Computer Scientist student. If you are doing something that has no impact on security (this is image processing dammit) the value of your software is in what it does, not in how it resists to every possible abuse.

I was going to try to be calm and rational about this, but screw it.

It's that kind of piss-poor attitude by jackass codemonkeys that causes these stupid, avoidable problems. If you aspire to be a programmer, quit now. You are not suited for it, and the best you can hope for is working in the field for a few years before your coworkers stab you to death in the parking lot (and no one will see a thing).

You can either approach every single line of code you write by asking how it will be attacked, or you can write an OS that can be compromised by a damn mouse pointer. There is no in between. All the hoping and wishing and "gee whiz golly, no one would want to hack my code!" Pollyanna naivete in the world won't change it.

Seriously. Quit before you break something.

Re:goddam hackers (1)

oztiks (921504) | more than 7 years ago | (#18542997)

Hackers, shmakers, try not pointing the finger at an easy (and less harmful) target created from propaganda media or a misguided opinionated blog writer.

Name one hacker that has caused _any_ serious ecnomical problems on the internet so far? And if it was, it was usually done incidentally, not as the focus of the excersise.

Its organised crime sydnicates that instigate ddos attacks on corporations. So consider, would you perfer some comp sci geek, teenage kid in their moms basement discovering such holes and then reporting them to bug traq? Or would you like hired professionals who are given big wads of cash under the table to create malicious applications and provide them to people who wish to insinuate the illegal and malicious use of the code on persons/organisations?

These days companys need to protect themselfs from being held at ransom by such people, not the kids, the kids have and always just been having fun being smarter then everyone else.

The Solution is Amazing (4, Funny)

neoform (551705) | more than 7 years ago | (#18542539)

>Solution: Do not browse untrusted sites or view untrusted e-mails.

Nice, so basically I'm not supposed to read any emails from people I don't know. Sounds like a viable solution.

Re:The Solution is Amazing (0)

Anonymous Coward | more than 7 years ago | (#18542777)

Or emails from people you DO know. They could have been haxx0red!

Basically, what they are saying is that you should install Debian.

Re:The Solution is Amazing (2, Informative)

penp (1072374) | more than 7 years ago | (#18542843)

If you read the link [microsoft.com] to Microsoft's advisory about the exploit, it sounds like you're not even supposed to trust email from people you do know.

As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.
On top of that, if you read further it starts to sound like a scheme they're using to try to sell more copies of Windows Vista.

Mitigating Factors for Animated Cursor Vulnerability

Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode. For more information on Internet Explorer Protected Mode see the following Web Site.

By default, Outlook 2007 uses Microsoft Word to display e-mail messages which protects customers from the HTML e-mail preview and attack vector.

Who needs animated cursors, anyway?

Re:The Solution is Amazing (1)

ksalter (1009029) | more than 7 years ago | (#18542917)

Of course you can get IE 7 on XP too, so there is no incentive to purchase Vista.

Re:The Solution is Amazing (1)

ksalter (1009029) | more than 7 years ago | (#18542975)

Of course, I could read a little better and realize that IE 7 on XP does NOT run in protected mode, so I retract my previous statement. Doh!

Re:The Solution is Amazing (1)

Yvan256 (722131) | more than 7 years ago | (#18542939)

And since you can fake web adresses (at least for Internet Explorer) and fake email adresses (nobody is immune), you can't do anything at all.

The real solution is to disconnect your computer from teh intarweb.

Re:The Solution is Amazing (5, Funny)

ehaggis (879721) | more than 7 years ago | (#18543017)

Don't use a cursor, just guess where your mouse is pointing.

DOH! (0, Interesting)

Anonymous Coward | more than 7 years ago | (#18542545)

NO WONDER I got viruses on my personal computer by just visiting web sites, and without running any Java Applets or anything that would normally execute any code on my end. Those b**tards were running an animated cursor algorithm?? How in the heck would Microsoft allow the execution of code for that?? Microsoft needs to learn that it is NOT okay to execute code from the Internet without the user's permission, How much longer will it be before they realize this??

Re:DOH! (0)

Anonymous Coward | more than 7 years ago | (#18543117)

Yes. I'm certain the problem is that they don't "realize" they shouldn't allow arbitrary code execution. If they realized this was bad, they would automatically produce completely flawless software that has no security vulnerabilities.

Up until this point, they have been including these security holes on purpose, because we all know how trivially easy it is to produce software that is bug-free. I'm going to send them a letter, to let them know that they should stop allowing the execution of arbitrary code. That will fix this once and for good.

Thank you, fellow AC. You are fucking brilliant.

Vista Security. (1)

jellomizer (103300) | more than 7 years ago | (#18542563)

I though Vista was supposed to be the most secure OS ever. But animated mouse icons? I wonder what part of protected memory microsoft doesn't understand. It is probable due to some speedup fix so it can beat the benchmark tests. Normal use we don't see a problem but sacrifice security so it can beat the benchmark tests so it can say it is faster.

Re:Vista Security. (1)

cnettel (836611) | more than 7 years ago | (#18542587)

Let me ask a counter-question: What part of a user-mode exploit don't you understand? What I want to know is to what degree the reduced privileges of IE in Vista (confusingly also called "protected mode") makes direct exploitation of this harder.

Re:Vista Security. (1)

cnettel (836611) | more than 7 years ago | (#18542759)

Ok, replying to self. The MS advisory seems to claim that IE protected mode means that it can't exploited (just crashing IE). I would doubt that this is totally true, but it's clear that exploiting it to get general access to the user's account would need some extra work.

Re:Vista Security. (1)

jellomizer (103300) | more than 7 years ago | (#18542791)

Protected memory should prevent memory from each object from interfearing with each other. Not by user. User Mode security is just as bad as system level. Except it just doesn't have full access. But the bulk of your important information is accessable via your user account. The mouse images and animation should be in its own seporate memory block that can only be accessed via controled input calls. When the input is given it then should be checked to insure the format is sane. Finally this control should only talk back giving x and y locations and the pressure of what button and what direction the scroll button is moving. But all this information should be sent back via calls back and forth not from raw memory access. and windows shouldn't have allowed such a low level access to the mouse icon.

Re:Vista Security. (1)

cnettel (836611) | more than 7 years ago | (#18542877)

Ok, but then you don't only ask for protected memory, but a microkernel and lots of server processes. Changing page tables on the fly to do this, while keeping the number of processes low, is completely unthinkable on current architectures. As we have no actual production OS even close to the granularity you're requesting here, the question is not what part of protected memory MS doesn't understand. In this case, they understand, and use it, in pretty much the same way as "everyone" else. (If it had actually happened down in win32k.sys, the story would have been different.)

Re:Vista Security. (4, Funny)

rajafarian (49150) | more than 7 years ago | (#18543043)

I though Vista was supposed to be the most secure OS ever.

Nope. I watched their lips and every time they said, "Vista will be the most secure Microsoft operating system ever."

I think this was carefully worded by them so they could say it with an honest face.

Only affects rendering using the IE engine... (5, Interesting)

bubbl07 (777082) | more than 7 years ago | (#18542565)

From a McAfee Avert Labs blog article:

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.
Moral of the story: don't use the IE rendering engine for cursors by avoiding using the IE web browser and by not using untrusted animated cursors in Windows.

Re:Only affects rendering using the IE engine... (0)

Anonymous Coward | more than 7 years ago | (#18542655)

Moral of the story: don't use . . . Windows.

T,FTFY.

Re:Only affects rendering using the IE engine... (2, Informative)

bubbl07 (777082) | more than 7 years ago | (#18542661)

My apologies, article here [avertlabs.com] .

Re:Only affects rendering using the IE engine... (1)

netsharc (195805) | more than 7 years ago | (#18542809)

Isn't it great how Microsoft's suggested workarounds only say "View E-Mail in plain-text, don't visit untrusted sites" (even though they claim beforehand an attacker might also try to hijack trusted sites to deliver the exploit).

Guess they can't write the obvious, "Use an alternative browser and/or email client.". Hah, what a Dubya-ian world they're living in.

So I'm assuming the way to exploit it is with CSS's cursor [w3schools.com] property:
cursor: url('some-bad-file.ani');
I'm guessing Firefox has its own animated cursor rendering engine? Are they even allowed in CSS...

Ah, the irony of something that is unnecessary other than making the GUI look pretty being responsible for endangering the system...

Why does it get to be this bad? (3, Insightful)

140Mandak262Jamuna (970587) | more than 7 years ago | (#18542605)

Well, one can understand programmers making stupid mistakes, and creating vulnerabilities. And everytime you add features, whether it is important or just bells and whistles, you always run the risk of opening up another vulnerabilities. Granting all that, why is it that, in 2007, after Vista, with "Security is Job 1 in MSFT", why does a vulnerability in a browser goes all the way up to executing arbitrary code? Browsers are expected to get data from untrustable sites, they should have heavy armour protection. Why the users are putting up with this nonsense?

Some stupid consumer protection council reports that some part of some toy can come apart and present a choking hazard to children. "As many as 3 children could have died over the last 10 years because of this!" Suddenly all news organizations act as though the sky has fallen, and on slow news day, it is even the lead story! Here we have a hazard that could get your machine rooted and pwned and steal your password and sell it in the organized crime networks, ... and the world reacts with a collective shrug.

Sorry, for the rant, I know I am preaching to the choir, just need to get it off my chest.

Re:Why does it get to be this bad? (-1, Flamebait)

stratjakt (596332) | more than 7 years ago | (#18542741)

Sh!t like this happens in firefox too, and in Opera, and in links, and any other browser you can think of.

No doubt you aren't a programmer, and wouldn't really grasp how complex a piece of software like a web browser really is, and how complex it's interactions with the rest of the operating system are.

Why do you think linux is so clunky and tied together with string, after 15 years of community effort?

Also, mister RTFA, all this exploit does is crash explorer.

Re:Why does it get to be this bad? (4, Funny)

DoofusOfDeath (636671) | more than 7 years ago | (#18542881)

No doubt you aren't a programmer, and wouldn't really grasp how complex a piece of software like a web browser really is,

Even if you're a programmer, you're still out of your league on this one. Only a plumber could understand the series of tubes that make up the Internet.

Re:Why does it get to be this bad? (2, Insightful)

tijmentiming (813664) | more than 7 years ago | (#18542887)

You missed the point. He only says it's weird that people shrug when software is insecure. It's a not a rant to microsoft, but to people who shrug.

Re:Why does it get to be this bad? (1)

140Mandak262Jamuna (970587) | more than 7 years ago | (#18542899)

Yes, Sir, I read the article.

Successful exploitation allows execution of arbitrary code. NOTE: The vulnerability is currently being actively exploited.

That is why the rant. Crash on imperfect input? I will accept that.

Re:Why does it get to be this bad? (-1, Offtopic)

DoofusOfDeath (636671) | more than 7 years ago | (#18542815)

As many as 3 children could have died over the last 10 years because of this!" Suddenly all news organizations act as though the sky has fallen, and on slow news day, it is even the lead story!

Because speaking as a parent, I'm much, much more terrified about my child dying than I am about Vista crashing.

I don't care about something that's (medium probability, low impact) nearly as much as I care about something that's (low probability, worst-case impact).

Re:Why does it get to be this bad? (0)

Anonymous Coward | more than 7 years ago | (#18542909)

Because speaking as a parent, I'm much, much more terrified about my child dying than I am about Vista crashing.
Sounds like someone needs to get their priorities in order.

Re:Why does it get to be this bad? (1)

140Mandak262Jamuna (970587) | more than 7 years ago | (#18543005)

It used to be, browsers were used mainly to access information on the 'net and the most damage that will happen to you would be your computer might crash or net wont be available. It is not such low impact scenario anymore. Bank accounts and brokerage accounts are being accessed and controlled by the browsers by millions of people every day. The real serious hackers who know enough to take advantage of these exploits are not your typical script kiddie out to have some fun or make a name of himself. They are quite risk averse and they dont directly steal your money. They harvest passwords for these bank accounts and sell them [bangkokpost.com] in the underground.

The guys who buy these passwords have lots of connections with terrorism, drug trafficking, prostitution rings and many other nefarious activities. Password harvesting algorithms running wild can do more damage to you than the choking hazard from a toy part. Really.

Re:Why does it get to be this bad? (1)

porkThreeWays (895269) | more than 7 years ago | (#18543265)

Well, I think the idea was that the world has its priorities skewed. Statistically your child would have an insignificant risk if millions of children were playing with this toy. You should be more worried about your children getting common childhood disease that could kill them. Likewise, getting your personal information stolen can make your life hell. Would you be more worried about your child having a .00001% chance of choking on a toy, or a 5% chance of having your ATM card stolen? If you said the former, then you need a reality check.

10 people can die due to a serial killer over the period of two years while at the same time millions of people die due to heart disease. Which one will the media cover? It's human nature to be scared of dying due to an external force you have no control over (such as a serial killer). However, humans have completely irrational emotions and will try to justify to themselves why a completely irrational fear is rational.

Re:Why does it get to be this bad? (0)

Anonymous Coward | more than 7 years ago | (#18542999)

When you can show a child dying from a intrusion vulnerability in consumer grade software, then you'd have a point. Until that happens, we should expect the public reactions be different.

Another way to look at the difference: the newspapers are practiced in making scary headlines for topics like toy accidents and are unpracticed for topics like IT.

rootkit != death (1)

jbengt (874751) | more than 7 years ago | (#18543101)

You're not seriously comparing getting passwords stolen with a child's death, are you?

What kind of mouthbreather would even... (4, Funny)

straponego (521991) | more than 7 years ago | (#18542609)

...install an animated cursor in the first place? Okay, besides the CEO.

Re:What kind of mouthbreather would even... (2)

Torodung (31985) | more than 7 years ago | (#18542743)

Actually, it's pretty useful for the "wait" cursors, because you can tell if the system has crashed or is stuttering badly. I use it for both the "Working in background" and "Busy" signs. If the hourglass stops moving, and sometimes it does, even if mouse control still works, you know you're waiting for nothing. It was more useful with Windows 95 and 98, but I still use it in XP.

(Actually, I use a set of modified Mac OS 8 icons, including black arrows and the classic "watch" icon, but I use hourglasses here because that's usually what folks use in Windows. There used to be an icon scheme called "animated hourglasses.")

--
Toro (breathing through my mouth)

Re:What kind of mouthbreather would even... (1)

boristdog (133725) | more than 7 years ago | (#18542753)

My thoughts exactly. Animated cursors are for secretaries and housewives. And those people will always fill their computer so full of spyware anyway, so no single exploit will matter.

Re:What kind of mouthbreather would even... (2, Insightful)

Rob T Firefly (844560) | more than 7 years ago | (#18542937)

I'll own up and admit to having used exclusively animated cursors in the past... but then again, I was a mouthbreathing teenager in the mid 1990s with my first Pentium. I also had Star Trek WAVs hooked to all my Windows events, ran After Dark's screensaver app at all times, used any excuse to look things up Compton's Interactive Encyclopedia CD-ROM, and obsessively hoarded Voyager publicity photos from Compuserve. A few blinky wiggly pointers shaped like phasers and lightsabers were the least of my crimes against good taste, but frankly, I would have totally deserved getting owned as a result.

Re:What kind of mouthbreather would even... (2, Funny)

gEvil (beta) (945888) | more than 7 years ago | (#18542957)

...install an animated cursor in the first place? Okay, besides the CEO.

My cursor is a big punching glove. It makes hitting that damn monkey that much easier...

Re:What kind of mouthbreather would even... (2, Informative)

illegalcortex (1007791) | more than 7 years ago | (#18543247)

What kind of mouthbreather would even install an animated cursor in the first place?
I'm not sure that's really the problem. Wouldn't either of those articles have listed it as a workaround if so? I think this is the actual problem:

With Microsoft Internet Explorer 6 or 7 you can use your own animated or static cursor on your webpage instead of the standard system cursor. All you have to do is add a little code to your HTML-documents or the CSS-stylesheet and upload the cursor file (*.ani or *.cur) to the webserver.
http://www.anicursor.com/webcursor.html [anicursor.com]

I don't know that there is any way to turn that off in IE or Outlook using IE's rendering.

What's to investigate? (2, Informative)

roman_mir (125474) | more than 7 years ago | (#18542613)

Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker. - <sarcasm>well, we all know not to open specially crafted e-mail messages and attachments.</sarcasm>

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. - I can give an advice even without an expensive investigation. Do not use MS IE, do not use MS Outlook, do not allow animated anything on your desktop and probably the best thing to do is to finally just plain not to use MS, but in many cases it is not an option.

Really, who uses animated anything on their desktops? It is always a performance hit. I completely disable all active desktop features immediately before using a computer with MS Windows installed. Turn off all animations, turn off 'show content while dragging window' option, switch to 'classic' look for the look of the Explorer, make sure that there are no thumbnails, switch to 'details' in the Explorer, make sure to show extensions on all files, make sure to apply to all folders and turn of 'Remember each folder settings' option.

I am not certain that this will prevent this particular problem, but not using IE and Outlook most likely would (while using other email clients do not allow active content to execute and do not trust attachments ever.) It's a real pain, it would be much better to run MS Windows in a virtual machine on GNU/Linux (VMWare I suppose.)

Re:What's to investigate? (1)

stratjakt (596332) | more than 7 years ago | (#18542693)

Who cares about the performance hit? People have quad core 3 gigahertz processors, and you're worried about an animated mouse.

We aren't all runnign linux on 486's we found in a dumpster.

Re:What's to investigate? (4, Insightful)

rbochan (827946) | more than 7 years ago | (#18542805)

...Really, who uses animated anything on their desktops? It is always a performance hit. I completely disable all active desktop features immediately before using a computer with MS Windows installed...

That's fine for you, but have you seen an average consumer machine recently? Everything from animated wallpaper to rotating slide shows to OMGPONIES!!!!!! themes get installed - usually via Active X.
You _are not_ the average user - the statement you made above proves that. The 'average joe' thinks his computer is appliance, like a toaster, because Bill Gates tells him it is.

Re:What's to investigate? (0)

Anonymous Coward | more than 7 years ago | (#18543007)

turn off 'show content while dragging window' option

Why? With any modern video card, the blit is handled entirely by the card -- the CPU doesn't have to do much beyond saying "copy this rectangle to these coordinates". In comparison, the rectangular outline of the window that you get when this option is disabled must be drawn by the CPU. You are probably decreasing your system's performance by turning this option off.

Of course, in these days of 3GHz machines, we're talking about an infinitesimal fraction of a second anyway. Who gives a crap? If this option actually makes a noticeable difference on whatever god-awful hardware you're running on, I'd say it's probably time to upgrade.

Re:What's to investigate? (2, Informative)

illegalcortex (1007791) | more than 7 years ago | (#18543107)

do not allow animated anything on your desktop
I'm not sure that's really the solution. Wouldn't either of those articles have listed it as a workaround if so? I think this is the actual problem:

With Microsoft Internet Explorer 6 or 7 you can use your own animated or static cursor on your webpage instead of the standard system cursor. All you have to do is add a little code to your HTML-documents or the CSS-stylesheet and upload the cursor file (*.ani or *.cur) to the webserver.
http://www.anicursor.com/webcursor.htm l

I don't know that there is any way to turn that off in IE or Outlook using IE's rendering.

Displaced Hot Spot (1)

G4from128k (686170) | more than 7 years ago | (#18542623)

It would seem that any remotely defined cursor could be used maliciously by displacing the hotpoint relative to the cursor graphic and encouraging the user to click on something "safe" when the real hot spot for the click is elsewhere over something untrustworthy.

Re:Displaced Hot Spot (0)

Anonymous Coward | more than 7 years ago | (#18542953)

Good thinking, but there might be size restrictions to this, especially if we're talking hardware mouse pointers (which we might not be).

Criminals using this vulnerability ? (5, Funny)

Rastignac (1014569) | more than 7 years ago | (#18542631)

Our security expert, Jackson M., just tolds us:
" So, ANI are you ok ? Are you ok ANI ?
    You've been hit by... you've been hit by... a smooth criminal ! "

MOD PARENT UP: +1 Funny (0)

Anonymous Coward | more than 7 years ago | (#18543079)

Subj sez it all

A workaround for this... (5, Funny)

Anonymous Coward | more than 7 years ago | (#18542665)

A workaround for this is to install some quality cursors.
I use the comet cursor package that installed itself automatically when I browsed the web.
It has some great cursors and loads of other features that make using Windows far more entertaining.

I have not been able to remove or alter the comet cursor package since it installed itself, so I think it will protect very well against other cursors getting installed on my computer.

Oh So Happy It's Thurday... (0)

wowbagger (69688) | more than 7 years ago | (#18542781)

This was announced on The Register [theregister.co.uk] yesterday, making it yet another
Oh
So
Happy
It's
Thursday
moment again.

I can hear Ballmer screaming... (5, Funny)

xactuary (746078) | more than 7 years ago | (#18542811)

Cursors? Foiled again!

what about a vulnerability in Clippy? (0)

Anonymous Coward | more than 7 years ago | (#18542819)

I mean, common', dark-side hackers, bring us a Clippy vulnerability while Clippy still exist!

Re:what about a vulnerability in Clippy? (1)

sqlrob (173498) | more than 7 years ago | (#18543259)

There's already been one for Clippy, or at least the underlying technology. They were scriptable and could execute arbitrary code.

Not today (1)

hansoloaf (668609) | more than 7 years ago | (#18542831)

Wait till Sunday for April Fool's.

Windows Vulnerability in Antimater Containment (0, Offtopic)

jimstapleton (999106) | more than 7 years ago | (#18542915)

I read "Windows Vulnerability in Antimatter Containment Field" when I first saw that... I must be too tired. Regardless, that's more interesting than the actual article, so maybe being to tired isn't a bad thing.

Solution: "You are trying to move the mouse..." (5, Funny)

Anonymous Coward | more than 7 years ago | (#18542955)

[Cancel] or [Allow]?

Stop the animated scrolling up and down (1)

BanjoBob (686644) | more than 7 years ago | (#18543035)

thursdays update killed my system. every window scrolls up and down at 1000 mph. you can't click anything at all. so who cares about an animated cursor -- i need to stop the animated window. oh, i'd like to get my shift keys working again too. they are now backup to previous window keys. thanks microsoft

Caution (5, Informative)

Alioth (221270) | more than 7 years ago | (#18543039)

If you think you're not vulnerable because you won't be downloading an animated cursor, or you're not vulnerable because you have AV software, read this:

http://www.secureworks.com/research/threats/gozi/ [secureworks.com] ...which has a similar infection vector (by merely visiting a web page you get infected), and went undetected for 54 days.

This latest silent exploit, which can be used by merely visiting a web page, will be used for other similar attacks.

Clippy's Fault (0)

Anonymous Coward | more than 7 years ago | (#18543061)

Who else immediately thought this was somehow due to clippy?

Clippy: I see someone just took over your system. Would you like help in panicking?

This doesn't include all cursors... (1)

192939495969798999 (58312) | more than 7 years ago | (#18543087)

I'm sure that those "free animated george bush cursors" ads that pop-up when I'm surfing around are safe from this, right?

Migrate to GNU/Linux, not Vista (0)

Anonymous Coward | more than 7 years ago | (#18543273)

Our company did last year, cities of Vienna and Munich did, French parliament did, it should work out very nicely for you too. Our former XP users love KDE.

No need to put yourself through pains when you can improve security, save money and achieve a good deal of vendor independence all at the same time. Why support the Microsoft monopoly by paying ridiculous prices for bug ridden software with DRM restrictions, when you can run Free software on the industry standard (and thus inexpensive) hardware?

Knowing everything I know now, I only regret that we did not migrate to GNU/Linux sooner.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?