[ISN] Microsoft Repatches Its .ANI Emergency Patch

From: InfoSec News (alerts@private)
Date: Mon Apr 09 2007 - 23:25:49 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=198900231

By Sharon Gaudin
InformationWeek
April 9, 2007 

Still dealing with problems with last week's emergency .ANI 
vulnerability patch, Microsoft has fixed three more issues in a 
"high-priority" update.

Microsoft issued a hotfix for the patch on Tuesday, April 3, just hours 
after the original patch was released to the public. A hotfix is a small 
patch; typically they come out more frequently and with much less 
fanfare than the normal cycle of monthly or emergency patches. This time 
the hotfix was used to correct a problem in the emergency patch.

The hotfix was released last week to deal with a problem stemming from 
some files in the patch and the operating system having conflicting base 
addresses. Because of that, with computers running Microsoft Windows XP 
with Service Pack 2, the Realtek HD Audio Control Panel had problems 
starting after the patch was installed. Users also received an error 
message about an illegal system DLL relocation.

After that issue was dealt with in the hotfix on Tuesday, Microsoft 
updated the hotfix on Friday to deal with other programs that were 
affected on Windows XP, Service Pack 2 systems.

Microsoft noted in an advisory that ElsterFormular 2006/2007, German tax 
calculation software, was affected. TUGZip, a free archiving tool, and 
CD-Tag, a tool for ripping CDs and renaming or converting audio files, 
also were affected.

Users running these applications were having problems getting their 
computers to start after installing the patch.

"While the impact of these issues is clearly not widespread, it is 
affecting some of our customers," said Christopher Budd, a security 
program manager, in the Microsoft Security Response Center blog. 
"Customers who do not have any of the applications will not get the 
hotfix. We are able to do this by tailoring our detection logic to 
target only those systems with the security update for [the .ANI bug] 
and these four applications."

The .ANI vulnerability involves the way Windows handles animated cursor 
files and could enable a hacker to remotely take control of an infected 
system. The bug affects all the recent Windows releases, including its 
new Vista operating system. Internet Explorer is the main attack vector 
for the exploits.

Users or IT managers can manually download the hotfix if necessary.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Mon Apr 09 2007 - 23:35:11 PDT