A few Windows security items out today.
Vulnerabilities in GDI Could Allow Remote Code Execution This is the link to the patch for the Windows Animated Cursor Handling vulnerability, links to download the software for all versions of Windows are included. They note that there is one known issue with this patch, Realtek HD Audio Control Panel (Rthdcpl.exe) may not start and you may receive this error message,
Rthdcpl.exe – Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
If you receive this error message, go to this page, The Realtek HD Audio Control Panel may not start, and you receive an error message when you start the computer: “Illegal System DLL Relocation” and download and run the patch fix it. A restart may be required.
MS07-017 Released They note that the attacks on the vulnerability have increased but are not widespread.
If the Ajax app was a web mail service, the attacker could get the contents of an inbox or address book, for example. Indeed, Fortify’s research was based on an earlier finding by Jeremiah Grossman, who found such a vulnerability in Gmail last year.
I didn’t see this yesterday, but it looks like eEye released a patch to block the animated cursor flaw, a patch that was not approved by Microsoft, I am sure.
You can follow our new security twitter and catch snippets of the big security stories throughout the day.