Microsoft plugs 'critical' Windows cursor hole

Microsoft on Tuesday released a security update for Windows, a week before its scheduled release date.

The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs, including those running Windows Vista. The update also includes fixes for six additional Windows vulnerabilities.

The "critical" vulnerability addressed with Microsoft's MS07-017 update is a bug in the way Windows handles animated cursors, Microsoft said in its security bulletin. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

Malicious software can be loaded, without a user's knowledge, onto a vulnerable Windows PC when the user views a malicious Web site or e-mail message.

Cybercrooks moved quickly to exploit the hole in attacks after details of the vulnerability were published online last week. Security firm Websense has spotted more than 100 Web sites that try to exploit the bug, as well as an e-mail spam campaign with links to the malicious sites.

Featured Video

Why do so many of us still buy cars with off-road abilities?

Cities are full of cars like the Subaru XV that can drive off-road but will never see any challenging terrain. What drives us to buy cars with these abilities when we don't really need them most of the time?

by Drew Stearne