will issue a security update on Tuesday
to protect customers from a new criminal attack on their computers, according to a company spokesperson. A security expert said the attacks originate in China and have focused on obtaining the credentials of online role-playing gamers.
The new virus, originally reported
last week, exploits a vulnerability in how Microsoft operating systems,
including Vista as well as previous versions of Windows, handle animated
cursor (.ANI) files. The attack vector can be either a Web page or e-mail
message containing the malicious code.
Microsoft had originally planned to release the patch next Tuesday as part
of its regular monthly release of security bulletins, but decided to release
the update ahead of schedule because it has become “aware of the existence
of a public attack utilizing the vulnerability,” the spokesperson said in an
The spokesman added that “Microsoft’s monitoring of attack data continues to
indicate that the attacks and customer impact is limited.”
But according to Ken Dunham, director of the rapid response team at iDefense
Verisign intelligence operations, exploitation of the vulnerability took off
over the weekend. “The new ANI exploit will be a long-term persistent
threat, one of the most significant we’ve seen in the past three years,” he
wrote in an e-mail.
According to Dunham, hacker log files and payloads indicate that many
of the original attacks, mainly out of China, are focused on the theft of
role-playing game credentials. “Real hackers are making real money in a
virtual world,” he wrote.
Thus far, however, all exploits to date have impacted only Windows XP SP2.
But Dunham cautioned that the attacks will pose a significant danger to
enterprises as the work week resumes.
Microsoft said customers should download the patch, MS07-17, to protect
themselves from the exploitation. Customers who use Automatic
Updates will receive the update automatically and do not need to take any
Consumers can also manually download and deploy the update by visiting the Microsoft Windows Update page.