Microsoft Working on emergency patch for 4-month old .ANI exploit

Microsoft security employees are working around the clock to release an emergency patch for the .ANI vulnerability in Windows after attacks spiked over the weekend. While they have known about the exploit for four months, it was not deemed an urgent threat until successful attacks began to appear.

While we aren't Microsoft-bashers, this is just another of many examples of why Microsoft can't be relied upon to secure their own products. Security is not Microsoft's core business and business priorities will often push down threats until they escalate to emergency status. On the other hand, independent companies such as McAfee or PC Tools make computer security their bread-and-butter. It is in their best interests to keep their customers' computers as secure as possible.

There are now over 100 websites spreading the .ANI exploit and McAfee has reported that they've discovered a spam campaign that attempts to drive users to a website which spreads this exploit. We recommend that our readers take extra precautions this week. Don't click any email links and if you have the slightest inkling that a site might not be safe, put off visiting it until the next Windows patch (due out in a few days).