Microsoft is developing a patch for errors, which uses Internet Explorer, as the principal instrument of attack on the system. Microsoft confirmed the emergence of fresh mistakes, for which there is already exploit. The essence of mistakes is how Windows handles file with the squiggly animated cursor, which allows an attacker to gain control of a remote system. This error is present in all versions of Windows, including Windows Vista.

In his statement, Microsoft reported that the company's researchers are working on the issuance of the patch. "In order to perform this attack the user must visit the specially created web page using this vulnerability, see specially machined e-mail, or open an attachment to the letter" - said in his blog Adrian Stone, a researcher Microsoft - "At the moment, it seems, the problem is studied , and lacks widespread, we will monitor the situation and will update our blog and make statements when new information. "

Martin Van Horenbik operator in the Internet Storm Center said on its website that the organization had already identified the domains of malicious code using this vulnerability, the same was said and Craig Schmugar, researcher McAfee, in his blog.

"Preliminary tests have shown that Internet Explorer versions 6 and 7 running on a system with Windows XP SP2, with all established patch vulnerable to the exploit" - Schmugar wrote, adding that exploit loads and executes arbitrary *. exe files. "The process is taking place quietly."

Name: 84984.jpg Views: 19 Size: 39.4 KB

TrendMicro also deployed an advisory warning, which says that the Trojans using this vulnerability, and called Anicmoo.ax can get into the system in a specially constructed file animated cursor (*. ANI), which will be downloaded unsuspecting user, or may be attached to the e-mail in HTML format.

Microsoft said that the added security scanner in Windows Live OneCare signatures for the early detection and removal of malicious software that uses this vulnerability.