Microsoft Security Advisory 935423 Posted

Hey everyone this is Adrian Stone,

I wanted to let people know that we have just posted Microsoft Security Advisory (935423). This advisory addresses new public reports of very limited attacks against a newly reported vulnerability in Microsoft Windows Animated cursor handling. We’ve activated our Software Security Incident Response Process (SSIRP) and there are few items worth noting:

In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability, view a specially crafted e-mail message, or opening a specially crafted email attachment sent to them by an attacker.

While the attack appears to be targeted and not widespread we are monitoring the issue and will update the Advisory and blog as new information becomes available.

Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability and we will be working with our MSRA partners to monitor and help protect customers.



I also just wanted to drop in and make a quick update as our Secure Windows Initiative Team has been hard at work analyzing the issue throughout the day and we have identified some additional info regarding e-mail and its role as a mitigation and workaround for this attack. The mains points are:


  • If you are reading Outlook 2007 you are protected regardless of if you are reading the mail as plain text or not.

  • If you are reading email using Windows Mail on Vista you are protected as long are not forwarding or replying to the attackers email. 

  • Regardless of if you are reading your mail in plain text on Outlook Express you are not protected.

*This posting is provided “AS IS” with no warranties, and confers no rights.*