Animated cursors could prove risky for Windows users, Microsoft has warned.
Animated cursors could cause security problems for Windows users
The software giant is investigating reports that the way Windows handles alternatives to the traditional arrow cursor can leave PCs open to attack.
By booby-trapping a website or e-mail attachment with code that exploits the flaw, malicious hackers could hijack a Windows PC.
Microsoft warned users to be wary of attachments and urged them to update security software to combat the threat.
Malicious hackers are already known to be exploiting the flaw according to reports from the Sans Internet Storm Center.
In an alert, Sans said several security firms had seen evidence of websites being set up, hosting code that can exploit the bug. Information about it is being spread on bulletin boards malicious hackers are known to frequent.
PC users could fall victim by opening a booby-trapped attachment on an e-mail or by visiting a website that is hosting the code.
"Exploitation happens completely silently," said security firm McAfee which was one of the first to find the bug. Once installed, the exploit code could download and run any other file, warned McAfee.
Microsoft urged people to update their security software so they could get hold of signature files that spot and stop the exploit code.
Simply blocking the .ani files that denote animated cursors will not work as many attackers are renaming booby-trapped files to disguise their dangerous nature.
Microsoft said that many different versions of Windows were vulnerable to the attack. The list of potential victims includes Windows Vista, XP, 2000 and Server 2003.
The software firm said those using Outlook Express would be vulnerable as would those who forward or reply to booby-trapped e-mail messages with Windows Mail on Vista.
However, it said that users of Outlook 2007 would be protected.
Security firms said users can stay safe from this vulnerability by using an alternative browser, such as Opera or Firefox 2.0, with Windows. Also protected are those using Windows Vista with Internet Explorer 7.0.