ANI flaw attacks on the rise with Vista patch unstable

All of us should now be well acquainted with the ANI flaw which is present in all versions of Windows right up to Vista. For those who aren’t familiar with it the ANI flaw allows a hacker to take control of a system through specifically crafted websites with the use of animated cursors and can use that to steal information.

ANI files are responsible for displaying animations or customized cursors should the owner of the website decide to do so. Personally, I hate sites that do that but to each his/her own. Microsoft has released a patch for the ANI flaw and even though websites exploiting this flaw continue to rise you may not want to install the patch.

The ANI patch is described in this Tech Net article and available as Update KB925902 for Windows Vista is on a trial and error basis. This patch in and of itself may be worse than the flaw it repairs. Based on information that I have gathered you’re looking at a 50/50 chance of it working or just causing crash restart loops which the ANI flaw, if exploited, can do.

I installed the patch on six systems; there were no problems on the two XP systems so if you are running Windows XP you are fine. The problem lies with Vista. It almost seems as if Microsoft did not even bother to test the hotfix on Vista systems. I have four, one refused to boot (except to safe mode), it caused a crash restart loop on one, inanely long startup times on another and it took to my laptop just fine. Uninstalling the patch fixed the problems on the other systems.

Despite the fact that Microsoft can now claim the flaw is indeed patched, I would recommend that you take extreme caution if you decide to install it and be aware of the problems it may cause. If it does cause problems you may have to enter Safe Mode to uninstall the patch.

It seems that the hackers of the world are counting on the fact that some people may not have this installed and are continuing to build websites to exploit it. Computer World says that most of them are based out of Asia and Europe. Both seem to be interested in stealing log-on identifications and information stealing.

In this case it seems the cure is worse than the disease. I do not recommend installing the patch, just have up to date anti-virus, spyware and firewall protection. Any decent security suite combined with UAC (User Account Controls) on Vista should be able to keep this type of attack at bay until a better (more stable) patch arrives.

• Animated cursor flaw patch due from Microsoft early
• Apple fixes Quicktime flaw on Windows Vista, XP
• Microsoft concedes Vista and Internet Explorer security flaw
• Windows Vista immune to remote code execution flaw in Microsoft Jet Database
• Recent WGA failure shows flaw in Microsoft’s strategy for Vista, Office