Windows security flaw linked to Super Bowl site attack
Last Updated: Friday, March 30, 2007 | 1:35 PM ET
CBC News
Related
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
A security flaw in Microsoft Corp.'s Windows software that leaves computers vulnerable to hijack is linked to February's attack on the website of Super Bowl host Dolphin Stadium, researchers say.
In an advisory issued by Microsoft Thursday, the world's largest software maker said it had confirmed that multiple versions of Windows — including the latest Vista version — contain a flaw in the way the operating system handles animated cursors or pointers.
The animated cursor files end with the filename extension ".ani" and are sometimes used by software such as Microsoft's Office suite and by website developers to enhance or modify the experience of using the computer. The vulnerability could allow an attacker to take control of a computer.
| WINDOWS VERSIONS AFFECTED |
|
Vista 2000 SP4 XP SP2 XP 64-bit v. 2003 for Itanium systems XP Professional x64 Server 2003 Server 2003 (Itanium) Server 2003 SP1 Server 2003 SP1 (Itanium) Server 2003 x64 |
"In order for this attack to be carried out, a user must either visit a website that contains a web page that is used to exploit the vulnerability or view a specially crafted e-mail message or e-mail attachment sent to them by an attacker," Microsoft researcher Adrian Stone wrote in a post to the company's security blog.
The company noted that it has added the ability to detect the flaw to its Windows Live OneCare security software suite and plans to issue a security update for the operating system.
Security software maker McAfee Inc. researcher Craig Schmugar noted in a post to the company's Avert Labs blog Thursday that an attack on the Dolphin Stadium website in February used the same computer script that is now being used to exploit the animated cursor flaw.
The script that was embedded in the Dolphin Stadium web page — and thousands of others — downloaded spyware from a server registered in China, giving attackers full access to a victim's computer.
Share Tools
Top News Headlines
- Air Canada confident it can reach deal with pilots
- Travellers flying Air Canada can keep booking their flights as negotiations continue with a new federally appointed mediator to help resolve an ongoing contract dispute between the airline and its pilots. more »
- Legalize pot, say former B.C. attorneys general
- Four former B.C. attorneys general are joining a coalition of health and justice experts calling for the legalization of marijuana. more »
- Whitney Houston's funeral to be held Saturday
- Pop star Whitney Houston's funeral service will be held Saturday in the New Jersey church where she first showcased her singing talents as a child. more »
- Online surveillance bill targets child porn: Toews
- A bill that would give police and intelligence agencies new powers to access Canadians' electronic communications is needed to protect against child pornography, says Public Safety Minister Vic Toews. more »
Latest Technology & Science News Headlines
- New iPad anticipated in March
- The latest version of Apple's iPad tablet will launch in early March, according to blog and media reports this week. more »
- Higgs boson hunt aided by energy boost
- The world's largest particle accelerator is ramping up its beam energy in hopes that scientists will learn definitively this year whether the last undiscovered particle in the Standard Model of Physics exists. more »
- Nortel hit by suspected Chinese cyberattacks for a decade
- Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to a report. more »
- U.S. weighs steep nuclear arms cuts
- The Obama administration is weighing options for sharp new cuts to the U.S. nuclear force, including a reduction of up to 80 per cent in the number of deployed weapons, The Associated Press has learned. more »
Bob McDonald's Blog
Glacier Discovery Walk: Will the visitor centre enhance the view? Feb. 14, 2012 9:22 AM Environment minister Peter Kent has announced the construction of a new Glacier Discovery Walk and visitor centre on the Icefields Parkway in Jasper National Park. It raises the issue of how to balance commercial development in our National Parks against the preservation of the last refuges of wilderness.
Quirks & Quarks
- February 11: Inside the Mind of a Neandertal Feb. 10, 2012 4:01 PM Can we get inside the mind of a species that's been dead for 30,000 years? A new book, How to Think Like a Neanderthal, suggests we can. The authors reconstruct a creature like us in many ways, but with important differences.
Latest Features
- Legalize pot, say former B.C. attorneys general
- Botox injected by unlicensed practitioners
- Toronto NBA fans experience 'Lin-sanity'
- Homicide follows Vancouver family argument
- Tires slashed on more than 100 cars in Surrey
- Trudeau says sovereignty less of a bogeyman now
- Online surveillance bill targets child porn: Toews
- Adults told B.C. teen had taken ecstasy
- B.C. Mountie drank to 'calm nerves' after fatal crash
