4/4/2007 6:26:00 PM

Another Zero-day Vulnerability

by Shimon Gruper
It's Thursday, the end of the week is coming and I am looking forward to my ski vacation in Italy next week. But as expected, when I come home and connect my laptop to read some last-minute emails, there is an email from the Microsoft security team announcing yet another zero-day vulnerability. There goes my quiet weekend! This time the zero-day is in the handling of Windows animated cursor files (.ani): a bug was found in the module that parses those .ani files, and it is present in all Microsoft Windows operating systems.

But hold it, what is this? Am I reading this correctly? What is Vista doing in the list of vulnerable Windows systems? Isn't it supposed to be the most secure operating system ever? Isn't it designed to withstand zero-day vulnerability attacks? Well, apparently there is a big gap between the design and the implementation. Don't get me wrong, I do think Microsoft did a great job with Vista and it does contain many new security features that will indeed thwart many malware attacks, but unfortunately they have not created a panacea yet.

So far there is no protection available against this vulnerability, and Microsoft is planning to release a patch in its monthly security update scheduled for April. The only remedy is to use antivirus products that are constantly updated with signatures of the malware automatically downloaded through the exploit. But this is like chasing one's own tail, since hackers are very quick to jump on the new-vulnerability bandwagon and will be adding this exploit to almost every new malware they write. This means that until the patch is out, users can be transparently infected just by visiting an infected Web site or receiving an email. The opportunity that comes with a new exploit, and the window of vulnerability it brings (until Microsoft releases a patch), is immediately seized by spyware and adware publishers. They love the idea of being able to infect our computers without our knowledge and consent, since each infected computer brings them an immediate financial gain. Each infected computer is a welcome addition to their army of robots that show ads, send out spam or engage in criminal activity.

Nowadays hackers have learned how Microsoft releases security patches, and they time the release of new exploits to maximize the window of vulnerability, which can give them up to 5 weeks of fertile ground of unpatched and vulnerable computers worldwide. Getting past a regular antivirus program is easy: since antivirus programs do not detect the exploit itself but rather the malware payload downloaded as a result of the exploit, attackers just need to change the malware (and thereby its signature) frequently enough to avoid detection.

Until the patch is released, we can only ponder what we actually should do with Microsoft's advisory: "As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources". How exactly should I "exercise extreme caution"? Does it mean I should read my emails very slowly?

So far it is clear that a different approach is needed to fight vulnerabilities. We cannot wait for Microsoft patches and we cannot rely on traditional antivirus solutions. I hate to be in the position of saying "I told you so", but unfortunately I did. About 4 years ago we realized that vulnerabilities and exploits would be the main conduit for malware to get into our computers, and back then we started to develop a very unique technology that we called XploitStopper™. This technology focuses on blocking the exploitation of the vulnerability regardless of the malware that it downloads. The idea is very simple: we know how the exploit works and what exactly triggers the vulnerability, so we can block any such attempt without chasing malware samples and learning their signatures. This is the essence of being proactive vs. reactive.
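To make the proactive-vs-reactive distinction concrete, here is an added illustration (written for this page; it is not XploitStopper's code and the post describes no such implementation) of what a format-aware check on .ani files looks like: it walks the RIFF chunk structure and flags chunks whose declared length violates the format, a property of the file that stays the same no matter which payload the attacker swaps in. The 36-byte size of the anih header chunk is a fact about the RIFF/ACON format, not something the post states; the sample files are constructed here.

```python
import struct

# sizeof(ANIHEADER): the anih chunk of a .ani file is a fixed 36-byte structure
# (a fact about the RIFF/ACON format, not taken from the post above).
ANIH_SIZE = 36


def _chunk(fourcc, body):
    """Build one RIFF chunk: FOURCC, little-endian length, body, pad to even."""
    pad = b"\0" if len(body) & 1 else b""
    return fourcc + struct.pack("<I", len(body)) + body + pad


def make_ani(anih_len):
    """Constructed sample .ani: an anih chunk of anih_len bytes nested in an
    INFO list, followed by an empty 'fram' list. 36 gives a well-formed file;
    anything else gives a structurally malformed one."""
    inner = _chunk(b"LIST", b"INFO" + _chunk(b"anih", bytes(anih_len)))
    return _chunk(b"RIFF", b"ACON" + inner + _chunk(b"LIST", b"fram"))


def check_ani(data):
    """Walk every chunk (descending into LISTs) and return a list of structural
    violations. An empty list means the file obeys the format; a finding is
    the kind of trigger condition a filter can block before any payload runs."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON animated cursor"]
    findings = []
    todo = [(12, len(data))]  # (start, end) of containers still to scan
    while todo:
        pos, end = todo.pop()
        while pos + 8 <= end:
            fourcc = data[pos:pos + 4]
            size = struct.unpack_from("<I", data, pos + 4)[0]
            body = pos + 8
            if size > end - body:
                findings.append(f"{fourcc!r} at {pos} declares {size} bytes, "
                                f"only {end - body} remain in container")
                break
            if fourcc == b"LIST":
                todo.append((body + 4, body + size))  # skip 4-byte list type
            elif fourcc == b"anih" and size != ANIH_SIZE:
                findings.append(f"anih at {pos} declares {size} bytes, "
                                f"expected {ANIH_SIZE}")
            pos = body + size + (size & 1)  # chunks are word-aligned
    return findings


if __name__ == "__main__":
    print(check_ani(make_ani(36)))   # well-formed: []
    print(check_ani(make_ani(200)))  # oversized anih header reported
```

Note that replacing the bytes inside the oversized chunk changes every hash or signature of the file but leaves the finding untouched, which is exactly why a structural check does not need to be updated per sample.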
