Squashing the 'Cursor Bug'

by santonov on April 3rd, 2007 in Industry and Security News.

Microsoft plans to release an urgent fix Tuesday for the latest Windows flaw that could affect in excess of 200 million Windows users.

The .ANI vulnerability exploits the way most modern versions of Windows process animated cursors in the ANI file format.

Users are being infected after visiting malicious websites that feature embedded malware designed to take advantage of the flaw. They also can be infected if they open a specially designed e-mail message or malicious attachment sent by a hacker. Security experts estimate close to 100 websites are serving up malicious pages that take advantage of the bug.

The bug affects all recent Windows releases, including its new Vista OS. Internet Explorer is the main attack vehicle for the exploits.

Microsoft admits it has been aware of the problem since December and has been working on a patch that was scheduled to be released a week from today. However, in light of the increased attacks against the vulnerability, it was decided an "urgent fix" was needed.

Look for it at Microsofts Security Update page Tuesday.