What Is It?

There is an unchecked buffer error in the code that processes animated cursor files. Unchecked buffers are the types of errors that can allow malicious people to take complete control of your computer. Exploit code has been published, is being actively used, and is almost impossible to prevent, using normal protective measures, such as virus scanners and similar tools.

What Should You Do?

Since this vulnerability is being actively exploited, and it is almost impossible to defend against it, Microsoft has issued a special update, published a security bulletin, and issued the monthly Microsoft Product Security Bulletin Summary one week early. These unusual steps should give you an idea of the seriousness of the problem.

1.    Please visit the Microsoft Update Web site, at https://update.microsoft.com/microsoftupdate/, and accept all critical updates, at your earliest convenience.

2.    If you cannot update your computer right away, you should seriously consider temporarily disabling the preview pane in your email program, because this vulnerability can be exploited when a message is displayed in the preview pane, regardless of your security settings.

Important

This vulnerability affects all versions of Microsoft Windows, including Vista.

References

• Microsoft Update is at https://update.microsoft.com/microsoftupdate/
• Microsoft Security Bulletin MS07-017 is at http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx.
• US-CERT Technical Cyber Security Alert TA07-093A is at http://www.us-cert.gov/cas/techalerts/TA07-093A.html.
• US-CERT Technical Cyber Security Alert TA07-089A is at http://www.us-cert.gov/cas/techalerts/TA07-089A.html.