[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 30 March 2007, 10:55 GMT 11:55 UK
Users warned on Windows cursors
Log-in screen, BBC
Animated cursors could cause security problems for Windows users
Animated cursors could prove risky for Windows users, Microsoft has warned.

The software giant is investigating reports that the way Windows handles alternatives to the traditional arrow cursor can leave PCs open to attack.

By booby-trapping a website or e-mail attachment with code that exploits the flaw, malicious hackers could hijack a Windows PC.

Microsoft warned users to be wary of attachments and urged them to update security software to combat the threat.

Open Windows

Malicious hackers are already known to be exploiting the flaw according to reports from the Sans Internet Storm Center.

In an alert, Sans said several security firms had seen evidence of websites being set up, hosting code that can exploit the bug. Information about it is being spread on bulletin boards malicious hackers are known to frequent.

PC users could fall victim by opening a booby-trapped attachment on an e-mail or by visiting a website that is hosting the code.

"Exploitation happens completely silently," said security firm McAfee which was one of the first to find the bug. Once installed, the exploit code could download and run any other file, warned McAfee.

Microsoft urged people to update their security software so they could get hold of signature files that spot and stop the exploit code.

Simply blocking the .ani files that denote animated cursors will not work as many attackers are renaming booby-trapped files to disguise their dangerous nature.

Microsoft said that many different versions of Windows were vulnerable to the attack. The list of potential victims includes Windows Vista, XP, 2000 and Server 2003.

The software firm said those using Outlook Express would be vulnerable as would those who forward or reply to booby-trapped e-mail messages with Windows Mail on Vista.

However, it said that users of Outlook 2007 would be protected.

Security firms said users can stay safe from this vulnerability by using an alternative browser, such as Opera or Firefox 2.0, with Windows. Also protected are those using Windows Vista with Internet Explorer 7.0.




SEE ALSO
Microsoft fails second virus test
05 Mar 07 |  Technology
Windows 'fails' active virus test
06 Feb 07 |  Technology
Keeping Vista safe and secure
01 Dec 06 |  Technology
Windows virus bites Apple iPods
18 Oct 06 |  Technology
Poisoned PowerPoint attacks users
20 Jul 06 |  Technology
Criminals 'may overwhelm the web'
25 Jan 07 |  Business

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific