ANI Vulnerability Patch (MS07-17) Now Available + News Updates

MS07-17 is out, and everyone should go get this out of cycle patch for the ANI 0-day which is currently spreading to more and more sites, and also being spammed. There is currently only one known issue with this patch, and that is with the Realtek audio control panel, which is covered in a Microsoft technote here.

As far as other ANI news goes, as I already linked to, the exploit is being spammed. Also, the number of sites hosting the exploit is growing rapidly as every malware group is seizing the opportunity to try and catch fresh victims for their botnets or what have you. Websense has a breakdown of what countries are/were mainly hosting them as of a couple days ago (the spamming one was related to Russian sites, so clearly this originated in east asia, and took a couple days to gain traction in Russia and elsewhere…of course the exploit code is public at this point.) Also, it would pay to re-visit some of the sites previously posted as most of them (and a host of others around the web) have updates.