Microsoft readies emergency ANI patch
微软公司将发布动画光标补丁
Published: 2007-04-02
Microsoft shifted gears over the weekend, announcing plans on Sunday to release an emergency patch for a vulnerability that the company has known about for more than three months.
微软公司于周末迅速作出调整,准备在本周周日发布针对这个漏洞的补丁,这个漏洞微软公司早在三个月前就知道了。
The flaw, which occurs in the way that Windows handles animated cursor (.ANI) files, came to light last week, after attackers started using the vulnerability to compromise victims through Web and e-mail attacks. Security firm Determina had notified Microsoft of the vulnerability in December 2006, and the software giant planned to fix the issue in its regularly scheduled April patch, the company said.
漏洞在上个星期已经被黑客利用来攻击系统,它利用动态光标漏洞绕过系统来控制Windows,入侵者利用漏洞通过网站和Email来攻击其他机器。信息安全公司Determina早在2006年12月份就向微软告知了这个漏洞,但是微软公司却按照议程准备在4月份修补这个漏洞。
Now, Microsoft will release the patch a week early.
现在微软公司已经比预期时间早1个星期解决这个问题。
"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat--additionally, we are aware of public disclosure of proof-of-concept code," Christopher Budd, security program manager for Microsoft Security Response Center, said in a statement posted to the group's blog. "In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007."
微软安全部门管理者Christopher Budd在他的Blog说道:“我们目前正在密切关注着局势,我们认为到本周周末,黑客通过这个漏洞攻击将会稍微增多,我们已经捕获到了相关的代码。我们将侧重用户的反馈意见,我们正日夜不停的测试补丁,准备在2007年4月3日发布漏洞补丁供大家下载。”
Reports of attacks and public exploits using the flaw in the way Windows handles animated-cursor (.ANI) files increased toward the end of last week. A group that uses compromised Web sites to redirect visitors to a number of Chinese sites hosting malicious content has begun to exploit the flaw to compromise victims' systems. Security Web site milw0rm.com is currently hosting two different exploits for the vulnerability. Both Immunity and the Metasploit Project have incorporated exploits for the issue into their security-checking software.
研究表明黑客利用ANI漏洞攻击将会在本周周末稍微增加。目前黑客首先攻陷中国一部分主机站点,然后通过这些主机站点来攻击那些有漏洞的系统。安全Web站点milw0rm.com正在尝试两种方案解决这个漏洞。免疫性和Metasploit项目,这两个项目的作用就是用来检测软件系统的安全性。
The flaw affects all versions of Windows, including Windows Vista, and can be exploited through Internet Explorer 6 and 7 as well as e-mail. Microsoft stated that the company will continue testing the patch up until release and an issue could be found that delays the release of the update.
漏洞对所有Windows版本都有影响,当然包括Vista,它也可以通过IE6,IE7和Email入侵系统。微软公司声明公司正在测试补丁,所以补丁的发布可能要推迟一点时间。
阿里云助力开发者!2核2G 3M带宽不限流量!6.18限时价,开
发者可享99元/年,续费同价!
