Microsoft plugs 'critical' Windows cursor hole

Microsoft on Tuesday released a security update for Windows, a week before its scheduled release date.

The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs, including those running Windows Vista. The update also includes fixes for six additional Windows vulnerabilities.

The "critical" vulnerability addressed with Microsoft's MS07-017 update is a bug in the way Windows handles animated cursors, Microsoft said in its security bulletin. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

Malicious software can be loaded, without a user's knowledge, onto a vulnerable Windows PC when the user views a malicious Web site or e-mail message.

Cybercrooks moved quickly to exploit the hole in attacks after details of the vulnerability were published online last week. Security firm Websense has spotted more than 100 Web sites that try to exploit the bug, as well as an e-mail spam campaign with links to the malicious sites.

About the author

Joris Evers covers security.

     
