Week in review: Cursing Windows' cursor flaw

Vista's security gets a black eye, and tech worker visas are snapped up quickly.

Microsoft suffered a bit of a black eye this week when it had to rush out a patch for a "critical" Windows vulnerability that was already being exploited on the Internet.

The software giant issued the patch to fix a bug that cybercrooks had been using since last week to attack Windows PCs, including those running Vista.

The cursor flaw lies in the operating system code. This means that any application that relies on the operating system to handle animated cursor files could be an attack vector, including alternative browsers such as Firefox.

Microsoft officially launched Vista for consumers in January, promoting the operating system as the most secure version of Windows yet. It is the first client version of Windows built with security in mind, meaning that it should have fewer coding errors that could be exploited, Microsoft has said.

Yet the "critical" hole that affected much older Windows versions also hit Vista. It is a flaw that should have been caught by Microsoft's code-vetting processes for Vista, called the Security Development Lifecycle, some experts said. The flaw is also evidence that faulty code from previous Windows versions has been copied into Vista, they said.

The announcement had CNET News.com readers debating the merits of Vista versus OS X.

"Windows has security holes big enough to drive a truck through. But in Vista, there are fewer holes, and you have to drive a smaller truck," one reader wrote to News.com's TalkBack forum.

However, installing Microsoft's patch is causing trouble for some users because it is not compatible with software that runs audio and networking components from Realtek Semiconductor.

Microsoft is aware of problems the patch might cause with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's Web site. Microsoft is not aware of networking issues, a representative said.

Mozilla is looking at delivering its own remedy for the cursor flaw. The Firefox work-around could come as a welcome option to those users who, for whatever reason, don't install Microsoft's fix.

Meanwhile, Microsoft has come under attack for the way it advertises Vista. A lawsuit, filed in Seattle, alleges that the company advertised systems as "Vista capable," when in fact the systems were not able to run Vista properly. The suit alleges that the marketing around Vista was designed to deliberately mislead potential customers. The outcome hangs on the precise definition of the circumstances under which a machine is "Vista capable."

Stampede for visas

The 2007 rush for H-1B guest worker visas began and ended on the same day. Sunday marked the start date for technology companies to seek permission from the U.S. government to hire temporary foreign employees under the visa program, which permits up to 65,000 H-1Bs to be issued this year. Exceptions, however, allow that number to be exceeded.

The H-1B program allows foreigners with at least a bachelor's degree in their area of specialty to be employed in the United States for up to six years. The visas are currently capped at 65,000 per year, with an additional 20,000 set aside for foreigners with advanced degrees, after the cap peaked at 195,000 per year between 2001 and 2003.
