Zero-day for Microsoft – Three Months Warning Not Enough?

Today, SANS went to InfoCon YELLOW due to an exploit involving how Microsoft Windows operating systems handle malformed ANI files. It seems to affect nearly any OS Microsoft makes, so long as they are at the latest patch levels. This includes Vista, and includes IE7. IE7 on Vista in Protected Mode seems to offer protection. The exploit is silent and allows arbitrary code execution.

According to the article on SANS, Microsoft was warned about this back in December by Determina.  Yup, three months ago (this is being generous, since it is now April).

Way to go, Microsoft.

