Follow us:

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

April 2, 2007 at 10:11 AM

Microsoft issues patch for Windows cursor hole

Microsoft issued a patch Sunday for a vulnerability that affects several versions of the Windows operating system, including the newly released Vista, and has been employed in “malicious and criminal attacks on computer users.”

In a security advisory issued Saturday, the company described the hole “as a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. For this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.”

The company had planned to issue the patch, known as MS07-017, with its regular monthly security update on April 10. “However, Microsoft is aware of the existence of a public attack utilizing the vulnerability,” a spokesman said in an email. “Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers.”

The attacks and impacts to computer users thus far have been “limited,” according to the spokesman.

Updates will be pushed out automatically to Windows users who have the Automatic Updates feature turned on. The patch can be downloaded at Microsoft’s Windows Update.

The SANS Internet Storm Center has more details and links to security vendors’ accounts of the problem.

Comments | More in Microsoft

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►