Hosts: Steve Gibson with Leo Laporte A special edition of Security Now to warn and inform listeners of a serious zero-day exploit that affects NT, XP, and Vista - even if fully patched. An interim patch is available from eEye for use until Microsoft provides an official update. (But see below first, since Microsoft is patching out-of-cycle.) At the end of March, exploitation of a previously (publicly) unknown vulnerability in Windows' animated cursor (ANI) processing was detected in the wild. This new vulnerability is now being widely exploited to install Trojan malware into unpatched Windows 2000, XP, Server 2003 and Vista systems. All fully patched Windows systems are currently vulnerable. Microsoft learned of this vulnerability in all versions of Windows more than three months ago, on December 20th, 2006, but did nothing to protect their customers. Proof-of-Concept code has now been publicly released, guaranteeing rapid and widespread adoption of this exploit. Microsoft was forced to publish this acknowledgement of the vulnerability and since they have known of it for many months they have now stated that they will be pushing out an early, out-of-cycle official update to eliminate this vulnerability on Tuesday, April 3rd, 2007. Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update. But be sure to look for this update on or after Tuesday, April 3rd. For 16kpbs versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Security Now is brought to you by Astaro Internet Security. Bandwidth for Security Now! is provided by AOL Radio