[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Monday, 2 April 2007, 12:20 GMT 13:20 UK
Quick fix for Windows cursor flaw
Mouse and keyboard, Eyewire
Visiting the wrong website could have serious consequences
Microsoft is moving to close a security loophole in Windows that lets attackers hijack a PC via animated cursors.

Malicious hackers are already known to be exploiting the flaw via booby-trapped and compromised websites.

Microsoft usually issues security patches once a month to help users keep their PC safe.

However, the seriousness of the bug has prompted the software company to act early and stifle attempts to exploit the flaw.

Cursor cure

The problem started to receive public attention in late March when security firms realised that the way Windows handles animated cursors could be used as a route to take over a PC.

Microsoft said it had decided to issue a patch early because attacks using the vulnerability had increased in intensity and code to exploit the flaw was known to be circulating widely.

McAfee warned that attackers could booby-trap websites with the exploit code and "silently" compromise vulnerable PCs.

On its Security Response Center blog Microsoft said it had been notified about the flaw in December 2006 and had been working on a fix since then.

The fix was scheduled to be released on 10 April - the next date for Microsoft's regular monthly security update.

"Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10," noted the blog.

PC users will be able to get the fix via Windows automatic update or visit Microsoft itself to download the patch manually.

Users of Windows Vista, XP, 2000 and Server 2003 are potentially vulnerable to the cursor vulnerability.


SEE ALSO
Users warned on Windows cursors
30 Mar 07 |  Technology
Microsoft fails second virus test
05 Mar 07 |  Technology
Windows 'fails' active virus test
06 Feb 07 |  Technology
Keeping Vista safe and secure
01 Dec 06 |  Technology
Poisoned PowerPoint attacks users
20 Jul 06 |  Technology
Home network security scrutinised
16 Feb 07 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific