Microsoft plugs 'critical' Windows cursor hole

Microsoft on Tuesday released a security update for Windows, a week before its scheduled release date.

The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs, including those running Windows Vista. The update also includes fixes for six additional Windows vulnerabilities.

The "critical" vulnerability addressed with Microsoft's MS07-017 update is a bug in the way Windows handles animated cursors, Microsoft said in its security bulletin. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

Malicious software can be loaded, without a user's knowledge, onto a vulnerable Windows PC when the user views a malicious Web site or e-mail message.

Cybercrooks moved quickly to exploit the hole in attacks after details of the vulnerability were published online last week. Security firm Websense has spotted more than 100 Web sites that try to exploit the bug, as well as an e-mail spam campaign with links to the malicious sites.

About the author

    Joris Evers covers security.


    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The breathtaking art and science of light
    SkyBell's Video Doorbell chimes in (pictures)
    Here's looking at you, Cloud LED (pictures)
    Take a peek at Microsoft Word, PowerPoint and Excel for Android tablets (pictures)
    Twitter's iOS app gets cool new features (pictures)
    An iPhone 6 case designed for Moment lenses (pictures)