Sunday, April 1, 2007

Raised ThreatLevel Due To Widespread 0-day ANI Exploit

The ANI vulnerability is going from serious to very serious. The Threat Center Threat Level has been raised and will remain raised until the threat subsides or official patches are available.

Variants on the ANI exploit are circulating very fast and already one worm has been detected that takes advantage of this exploit to infect web pages (.htm, .html, .aspx, .php, .jsp, etc.) and executable files.

There is no workaround for this vulnerability, but both the Zero-day Emergency Response Team (ZERT) and eEye Security have released unofficial patches that can be used to reduce the risk for machines while we wait for an official patch from Microsoft. Note that we have not tested these patches thoroughly and are not endorsing them.

Update: Microsoft's blog says that they plan to release an emergency patch to fix this vulnerability on Tuesday, April 3rd. Stay tuned.

Note from the sponsor: eSoft's Gateway Anti-Virus and Intrusion Prevention products protect customers from this vulnerability. However, laptops infected with a worm while not being protected by an eSoft Gateway could potentially infect the network. Please be sure to virus scan any laptop computers before allowing them to connect to your local network.

No comments: