Did the BugBlog help you? Donate via PayPal to say thanks.

Even better, subscribe to the BugBlog Plus for even more coverage of bugs and their fixes.

Order books and more at Amazon.com

Order Windows 2000 Secrets from Amazon.com

BugBlog Bug of the Month

Starting with January 2005, the BugBlog will pick its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.

The Bug of the Month for February 2005 was posted as the Bug of the Day on January 12:

Did you ever think there might be too much needless junk in Windows? Two vulnerabilities in the way that animated cursors and icons are handled may give a remote attacker a way to run their own code on your system. This bug affects Windows NT 4.0 Server, Windows 2000 Service Pack 3 and 4, Windows XP Service Pack 1, Windows XP 64-bit, and Windows Server 2003. This is a critical update from Microsoft, and patches can be downloaded from the Microsoft Download Center, or by following the links from http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx. Microsoft credits eEye for finding this bug.

Why this one? First, it is far-reaching, affecting most versions of Windows except Service Pack 2. Second, it is a critical update. Bad things can happen if you don't plug this hole. And third, because this critical threat to your computer is coming through some non-essential eye candy -- animated cursors.

Well, Microsoft has been the winner the first two months -- hope they don't think I'm picking on them. (I almost chose the Panix.com domain hijacking, but ultimately that wasn't really a bug.)

Previous Bugs of the Month

January 2005