The exploit allows remote attackers to execute programs on your system or create a denial of service. There is no patch available for this exploit.
This is the first remote exploit against Vista and the security community is concerned that this vulnerability may be converted into a wide-spread attack worm.
The Community recommends:
- All users make sure their Anti-virus software and detection files are up to date.
- Spread of this exploit by email may be prevented by blocking all .ani, .cur, .ico and .jpg files at your email gateway.
Additional information about this vulnerability may be found at these links:
UPDATE: 4/2/2007, Microsoft plans early patch update to address this flaw:
Microsoft Response Center Update
UPDATE: 4/3/2007, Microsoft has released a patch.
I will update this blog post as more information becomes available.