Microsoft Windows ANI Handling Vulnerability (UPDATED)

Who loves those animated cursors?

Be careful before grabbing them from just anywhere. Microsoft has recently issued an advisory on a Windows vulnerability in the handling of ANI files (animated cursors).

Because people are prone to social engineering attacks, animated cursors make very good social engineering attack vectors, and malware exploiting this vulnerability has already appeared. There’s the Trojan downloader TROJ_ANICMOO.AX, which downloads (what else) another Trojan. Then there’s Agent.BKY, which infects PHP and HTML files with a script that points to a site where the ANI file is hosted.

An ANI file specially crafted to exploit the vulnerability can be embedded in an email or on a Web page, so read the SANS Internet Storm Center for mitigation measures.

The good thing is that Microsoft will issue a patch on April 3 PDT (that will be April 4 PH time), one week ahead of the usual Patch Tuesday. Don’t forget to patch, and update your antivirus apps.

UPDATE: Microsoft has released the patch here. Apply it, as the vulnerabilities it covers are critical in nature (elevation of privileges, denial of service, remote code execution).