Monday, April 2, 2007

Quick fix for Windows cursor flaw

Microsoft is moving to close a security loophole in Windows that lets attackers hijack a PC via animated cursors.

Malicious hackers are already known to be exploiting the flaw via booby-trapped and compromised websites.

Microsoft usually issues security patches once a month to help users keep their PC safe.

However, the seriousness of the bug has prompted the software company to act early and stifle attempts to exploit the flaw.

Cursor cure

The problem started to receive public attention in late March when security firms realised that the way Windows handles animated cursors could be used as a route to take over a PC.

Microsoft said it had decided to issue a patch early because attacks using the vulnerability had increased in intensity and code to exploit the flaw was known to be circulating widely.

McAfee warned that attackers could booby-trap websites with the exploit code and "silently" compromise vulnerable PCs.

On its Security Response Center blog Microsoft said it had been notified about the flaw in December 2006 and had been working on a fix since then.

The fix was scheduled to be released on 10 April - the next date for Microsoft's regular monthly security update.

"Due to the increased risk to customers from these latest attacks, we were able to expedite our testing to ensure an update is ready for broad distribution sooner than April 10," noted the blog.
PC users will be able to get the fix via Windows automatic update or visit Microsoft itself to download the patch manually.

Users of Windows Vista, XP, 2000 and Server 2003 are potentially vulnerable to the cursor vulnerability.

Microsoft Windows Technology News by BBC NEWS

No comments: