Microsoft plugs 'critical' Windows cursor hole

Microsoft on Tuesday released a security update for Windows, a week before its scheduled release date.

The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs, including those running Windows Vista. The update also includes fixes for six additional Windows vulnerabilities.

The "critical" vulnerability addressed with Microsoft's MS07-017 update is a bug in the way Windows handles animated cursors, Microsoft said in its security bulletin. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

Malicious software can be loaded, without a user's knowledge, onto a vulnerable Windows PC when the user views a malicious Web site or e-mail message.

Cybercrooks moved quickly to exploit the hole in attacks after details of the vulnerability were published online last week. Security firm Websense has spotted more than 100 Web sites that try to exploit the bug, as well as an e-mail spam campaign with links to the malicious sites.

About the author

Joris Evers covers security.

     
