Windows zero day flaw 'very dangerous,' experts say

The Windows zero day bug now being used by attackers is extremely dangerous, security researchers said today, and ranks with the Windows Metafile vulnerability of more than a year ago on the potential damage meter.

"This is a good exploit," Roger Thompson, CTO of Exploit Prevention Labs, said in an instant message exchange. "It's very dangerous. One of the reasons is that there's no crash's instantaneous. And all it takes is visiting a site."

Yesterday, Microsoft Corp.'s Security Response Center (MSRC) issued an advisory acknowledging a bug in Windows' animated cursor, a component that lets developers show a short animation at the mouse pointer's location. Attackers, who are already exploiting the bug in limited fashion, can hijack PCs by tempting users to malicious Web sites or by sending them a malformed file via e-mail. Update: Windows zero-day flaw 'very dangerous,' experts say

Linked by shanmuga Tuesday, 3rd April 2007 1:14AM