Pretty serious happenings on the zero-day front today, so we’ll keep it short and sweet. Today marked the release of the Windows .ANI Processing zero-day. This zero-day vulnerability represents one of the most potent zero-days recorded by the Zero-Day Tracker. Since the vulnerability lies within Windows and is exposed by countless applications, exploit vectors are plentiful for attackers to launch reliable attacks against user32.dll.
eEye’s Blink Personal (LOOK, IT’S FREE!!) was already protecting against this vulnerability with its generic Intrusion Prevention System, so Blink users have nothing to worry about. For those who may not have Blink installed, eEye Research has diligently been plugging away and has released a patch to mitigate this vulnerability while it remains unpatched by Microsoft. This patch successfully disabled ALL attack vectors from exploiting users while not causing a disruption in normal use. As always, we suggest that administrators quickly test this against internal web applications prior to installing within their environment. Or, maybe you should just install Blink and join the many users who don’t have anything to worry about.
You can find all of the technical information as well as the patch here: http://research.eeye.com/html/alerts/zeroday/20070328.html.