Animated cursors can take down Windows

Microsoft might have worked hard to improve security and stability in its new Windows Vista operating system, but as BetaNews reports, the OS can be taken down by a lowly animated cursor. Even more embarrassing is the fact that Microsoft has admitted that Windows 2000, Windows XP, and Windows 2003 are all affected by the exact same issue. McAfee has a video of the problem up on YouTube. Apparently, as soon as one drags and drops a malformed .ANI icon file onto the desktop, Windows Explorer enters a loop where it keeps crashing and restarting itself indefinitely. Microsoft says the bug can also be triggered by visiting a website or by viewing a specially crafted e-mail message.

This isn’t the first time Microsoft’s animated cursor format has caused problems. Over two years ago, Microsoft issued patches for a vulnerability with the cursor format that could actually allow remote code execution in Windows NT, Windows 2000, Windows XP, and Windows Server 2003.

Comments closed
    • Snake
    • 14 years ago

    (edit) Oops

    • Shintai
    • 14 years ago

    Just on a sidenote for those that skipped reading the article….

    It doesn’t work if you use IE7 and doesn’t work if you use Office 2007 and doesn’t work if you use FF2.0 or up.
    And it also doesn’t work if the user doesn’t have admin rights.

    It requires the user to install a animated cursor and then click on a website link twice. That just doesn’t happen.

    It’s like posting: Smashing your computer may destroy it..

      • willyolio
      • 14 years ago

      that’s like saying getting people to click on some weird link and give up their credit card info just doesn’t happen. no forseeable security problems there, no siree.

        • Shintai
        • 14 years ago

        Well..more like I wouldn´t put t in as a crital exploit that can be used by just visiting a site etc. Its like sending a virus exe or something. Nothing can completely prevent user stupidity. Education is the key.

    • A_Pickle
    • 14 years ago

    This does bug me. Microsoft really needs to get their act together and make Vista a really good operating system. It’s nice right now, but they really ought to just go through it and clean up all the cruft of it. No more old Win NT-esque dialogs, and no more stupid bugs like that. Argh.

      • indeego
      • 14 years ago

      And the new code is untested. New code is no guarantee of long term securityg{<.<}g

      • Forge
      • 14 years ago

      Microsoft has all but proven themselves incapable of writing good clean code. Leaving the flamebait topics of Win/Lin/OSX vulnerabilities out of this, as well as any ‘OMFG MY OS > UR OS’ crap, it’s pretty clear that MS once ID’ed this flaw, fixed it, AND THEN UNFIXED IT LATER. That’s a pretty major screw-up. This tells me that MS has too many cooks and not enough dishwashers, too much management and not enough managing.

      When you break someone else’s fix because you didn’t know about it, and no one notices for years, your development team is too big/too out of touch.

      And MS? Comment your freaking source code. That’s how you prevent these type of screwups at the most minimal level, all the version tracking systems and bizarre team meetings should be backup for that. Too many people have noted your piss-poor commenting too many times to ignore any longer. If you have a million monkeys banging on typewriters (and you apparently do), having some GOOD comments in your source can keep them from undoing each other’s work.

        • indeego
        • 14 years ago

        Mozilla did the same thing with the 2.0.0.3 update. The .0.0.2 update for firefox reintroduced an earlier bug from years pastg{<.<}g

    • Ryu Connor
    • 14 years ago

    Another good example of how old code isn’t necessarily more robust or secure code.

    • Snake
    • 14 years ago

    I got it – here’s the long-standing tech phone call!

    —————————————————-

    Customer: “My computer crashes”

    You: “What operating system are you using?”

    Customer: “Microsoft”

    You: “..and what did you do differently?”

    Customer: “I moved my mouse”

    You: “I’m sorry, but you have voided your warranty, corrupted the OS, crashed your hard drive and destroyed the internet as we know it.

    There’s absolutely nothing we can do for you.”

      • albundy
      • 14 years ago

      LOL! funny.

    • Fighterpilot
    • 14 years ago

    That would be ‘pretty serious” in comparison to what….say 3rd World debt,the AIDS crisis,teen pregnancies?
    I’ll try not to lose to much sleep over malformed icons bringing down the Internet overnight.

      • Snake
      • 14 years ago

      “y[

      • ludi
      • 14 years ago

      Explain why you are posting in a COMPUTER TECHNICAL FORUM if you are not interested in things affecting technical computer users.

      • willyolio
      • 14 years ago

      teenage computers can get pregnant???? oh my god, where can i buy some USB condoms?

        • bthylafh
        • 14 years ago

        Just quit humping your computer.

          • willyolio
          • 14 years ago

          i can’t, it’s too sexy. oh crap, i think my computer just gave me AIDS too!

          man, these are serious tech problems we have to address right now.

        • ludi
        • 14 years ago

        I doubt it. Computer years are somewhat like dog or cat years, so teens = very very old.

      • LoneWolf15
      • 14 years ago

      Obviously you don’t work in IT, so I’ll forgive your low IQ in technology and logic.

      This is the kind of issue that scares sysadmins socks off. If someone issues an exploit involving this that we can’t easily protect our users from, and that might require tons of sneaker-netting to fix (i.e., we have to visit systems one-by-one to fix them) then it’s damned well serious to us.

      Your comments on AIDS, etc. are a silly, stupid straw-man argument, since they’re not even relevant from a computer perspective which is WHAT THIS WEBSITE IS ALL ABOUT (hint: if you want a site that engages in AIDS or teen pregnancy crisis dialogue, this isn’t it). When you have managed to beg, borrow or steal a clue, feel free to come back and debate some more.

        • TheTechReporter
        • 14 years ago

        Yes, the issue here is that someone could mix a malformed .ANI file with some kind of malware, _not_ the average joe downloading bunches of animated cursors off the internet.

        Also, a simple fix for this is to boot to a command prompt (ie, bypass the GUI), and then delete the .ANI file off the hard drive. It doesn’t matter whether or not this exploit works in safe mode.

      • Darth Willis
      • 14 years ago

      Vista’s closed. It’s full of AIDs and fail.

        • DreadCthulhu
        • 14 years ago

        At least their aren’t any stingrays in Vista.

    • Fighterpilot
    • 14 years ago

    Hey Kewl!…another pedantically minor nitpick about Vista we can put on the front page of the website….we havent had one in….oh…a day or more.
    Its bound to be hugely interesting to most tech readers after all.
    No doubt the majority of users will be importing misformed icons by the sea container full so they’ll be pumped that we warned em.

      • Snake
      • 14 years ago

      “y[http://securitywatch.eweek.com/exploits_and_attacks/workaround_out_for_windows_ani_zero_day.html<]§ "r[

        • Shinare
        • 14 years ago

        Lets see, which is more serious, a rampant deadly virus that infects every person on the planet and kills %100 of those affected by it almost instantly, but only one in about 1 billion are affected by it, or cancer?

        I think time is better spent on curing cancer than working on the virus.

      • danny e.
      • 14 years ago

      whats Gates like in bed?

      • Vrock
      • 14 years ago

      If a minor bug causes a major problem, it’s not a minor bug.

      • ludi
      • 14 years ago

      Not much of a reader, eh?

      This appears quite early in the linked article:

      “It isn’t even a new exploit, as researchers with eEye discovered in January 2005. At that time, Microsoft acknowledged it affected versions of the operating system from the first edition of Windows 98 through to early releases of Windows XP, though it stated at the time XP SP1 was unaffected.

      “But apparently after researching field reports of limited attacks, Avert Labs discovered an apparently similar exploit using .ANI files impacts XP SP2 and Vista as well, as well as Windows 2000 SP4 and versions of Windows Server 2003 from the initial release through to SP1. Avert Labs stated XP SP1 and versions since were unaffected, though Microsoft warned the exploit does affect XP SP2.

      “If both firms’ accounts are correct, Microsoft may have fixed the problem with XP SP1 in 2005, and inadvertently un-fixed it sometime afterward.”

      So…the root of the problem (explorer entering an endless crash loop in response to malformed animated icons) has been around a long while, Microsoft knows about it, and yet it persists in the newest release of Windows. Sounds like relevant news to me, especially since computers owned by non-technical people tend to get filled with exactly this kind of junk. Now at least I’ll have an idea what might be causing it if I encounter it when troubleshooting my relations’ systems.

    • Ricardo Dawkins
    • 14 years ago

    bah…80-90% marketshare is good!

    • blitzy
    • 14 years ago

    and is safe mode affected?

    As long as microsoft is behind their product with updates and support, I really don’t mind small issues like this. It is an obscure problem that 99% of users will never encounter, as long as a patch is rolled out in good time then big deal. If it was something along the lines of blaster, then that is another case entirely.

    Too bad every man and his dog are just looking for any reason to bash Vista, save your blackjacks for something bigger eh. Well that is unless your favourite passtime is downloading malformed pointer files to your desktop…

      • indeego
      • 14 years ago

      Blaster had a patch out for it a month beforehand
      .

      I was hiking in Three Sisters, Oregon, and I checked in with work and nobody had noticed anythingg{.}g

        • blitzy
        • 14 years ago

        so in that case it’s the users faults for not updating or, microsofts for not defaulting to automatic updates back then… which ever way you want to look at it

    • SuperSpy
    • 14 years ago

    This EXACT kind of issue is why I hate Windows so much. Instead of fixing these silly ‘oops’ bugs, they continue to cram more features in the OS without actually making the old ones work like they should.

    This is the type of thing that should never make it out of bugtesting on a major operation system, yet it has been around for years, unfixed on versions that millions of computers run.
    [/rant]

    • Shintai
    • 14 years ago

    And this is when we think on how bloated OSes are today…Why cant it just be plain and simple. Why do we need a trillion options and stuff.

    • just brew it!
    • 14 years ago

    *snicker*

    Imagine the teasing the developer who coded that one is gonna get from his colleagues! 😀

      • thecoldanddarkone
      • 14 years ago

      I guess I should be careful, lol. (I really could care less as long as it gets fixed now)

      It is funny.

    • roadrunner
    • 14 years ago

    A cursor…that’s it….cute.

      • Vrock
      • 14 years ago

      Teasing? I’d think he’s in for more than that.

        • just brew it!
        • 14 years ago

        Well, the bug’s apparently old enough (existed since Win2K?) that it’s not like (s)he’s gonna get demoted or lose a bonus over it or something. For all I know, (s)he doesn’t even work at MS any more.

        I’m assuming you actually meant to respond to my post (#6), not #5.

          • Vrock
          • 14 years ago

          Yeah true. And I meant to respond to you, yes, sorry.

    • poulpy
    • 14 years ago

    Must… resist… urge.. to… laugh… out.. loud..

      • d2brothe
      • 14 years ago

      Bwhahahahahaha….

      • Smurfer2
      • 14 years ago

      I can’t resist, buahahahahah….muahahahaha

        • adisor19
        • 14 years ago

        Neither can I ! BUAAAHAHHAHAHAHAHHAHAHAHHAHAHAHAH

        Adi

    • DukenukemX
    • 14 years ago

    You buy a new Windows OS but you still get all the old problems from the previous OS.

    This just goes to show you how much new code is really in Vista.

      • Shinare
      • 14 years ago

      How much new code do you think is in BF:2142 from BF2? Funny how that still has the same old problems from BF2 and it cost me the same as a totally new game. 🙁

        • Shining Arcanine
        • 14 years ago

        Why did you buy it?

Pin It on Pinterest

Share This