Most Popular
| Top Stories | Commented | Featured |
TechSpot Blog: Disable Windows automatic check for solutions after a program crashes featured
Weekend Open Forum: Google Chrome OS and the future of cloud computing featured
Tech Tip of the Week: Unearth Region-Specific Windows 7 Themes featured
Sony: PlayStation 3 to be 3D-capable via firmware update
Radeon HD 5970 supplies dry up quick, not a big surprise
Xbox Live bans prompt class action lawsuit
Mozilla reveals 2008 revenue, rumors say Firefox coming to PS3
Weekend tech reading: How to run Chrome OS as a virtual machine
TS Community
| User Gallery | Recent Discussion |
 Para OWNAGE by Sean |  OS History - WinME by lopdog |
 Semi-finished product by HanoverFist |  Camaro by Bigben69 |
TechSpot RSSInformation Technology
2,000 sites exploiting .ANI cursor flaw
The cursor exploit which Microsoft is having so much fun with has become much more popular among exploiters lately. According to some estimates, there are more than 2,000 sites using this exploit to one end or another. Websense, who gathered these statistics, says that these sites are either directly hosting exploit code or are redirecting to sites with the code, and that the number of infected sites has risen dramatically since the exploit was made public last month.
Microsoft did release an emergency fix, outside of their regular patch cycle. How many people are unpatched or are unable to patch? Probably a lot, especially with the number of companies that delay patching for compatibility reasons. The nature of this exploit is such that immediate patching is a good idea, especially since it requires no interaction beyond visiting a compromised site. As the article mentions, it may be a long time before we see the end of this one.
Microsoft did release an emergency fix, outside of their regular patch cycle. How many people are unpatched or are unable to patch? Probably a lot, especially with the number of companies that delay patching for compatibility reasons. The nature of this exploit is such that immediate patching is a good idea, especially since it requires no interaction beyond visiting a compromised site. As the article mentions, it may be a long time before we see the end of this one.
User Comments (1)
Post a comment| phantasm66 on April 10, 2007 4:20 PM | I read a XSS for this written in java script , and it was completely simple and easy to follow. Nothing to it at all, really.
|
