Remote Microsoft Outlook and Vista Exploit

A new vulnerability is being exploited against Microsoft Outlook and all Microsoft Windows Operating Systems: Windows 2000 SP4 through Vista.

The exploit allows remote attackers to execute programs on your system or create a denial of service. There is no patch available for this exploit.

This is the first remote exploit against Vista and the security community is concerned that this vulnerability may be converted into a wide-spread attack worm.

The Community recommends:

1. All users make sure their Anti-virus software and detection files are up to date.
   
2. Spread of this exploit by email may be prevented by blocking all .ani, .cur, .ico and .jpg files at your email gateway.

Additional information about this vulnerability may be found at these links:

• SANS Internet Storm Center
• Common Vulnerabilities and Exposures
• Microsoft Response Center Blog

UPDATE: 4/2/2007, Microsoft plans early patch update to address this flaw:
Microsoft Response Center Update
UPDATE: 4/3/2007, Microsoft has released a patch.
MS07-017

I will update this blog post as more information becomes available.