Microsoft to issue cursor flaw patch early

Software maker had planned to wait until April 10, but will now issue the patch Tuesday given there is a public exploit using the hole.

Microsoft said Sunday night that it is planning to make available this week a patch for a Windows flaw that has already been used in an attack.

Microsoft issued an advisory on the animated cursor flaw on Thursday. By Friday, malicious code was circulating that took advantage of the hole. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

In an e-mail, Microsoft said it had originally planned to patch the flaw on April 10 as part of its regular monthly security update, but now it plans to release the patch Tuesday because of the public exploit.

"Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers," a Microsoft representative said in an e-mail.

The software maker said its analysis of the data suggests that "the attacks and customer impact is limited," but the company said that it encourages customers to download the patch when it is made available. Consumers that have Windows' automatic update feature turned on will get the patch automatically. The patch can also be downloaded manually.

Microsoft said it is working with law enforcement to track down the attackers.

About the author

    During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft. E-mail Ina.


    Discuss Microsoft to issue cursor flaw patch early

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    'Zoolander 2' trailer features, wait, Stephen Hawking?