Double 'Patch Tuesday' no April fool joke

Summary:After skipping Patch Tuesday last month Microsoft is rushing out a fix for its Windows cursor vulnerability.

After skipping Patch Tuesday last month, administrators will have the joy of a double patch this month -- tomorrow and next week -- because Microsoft is rushing out a fix for its Windows cursor vulnerability.

The cursor bug, which affects Windows XP and Vista, allows a specially crafted Web page or e-mail attachment to execute malicious code on victims' computer. The attack exploits a hole in a feature that allows Web sites to manipulate how the Windows' cursor is displayed.

According to an advisory published over the weekend, the software giant was going to fix the cursor vulnerability in its usual monthly patch cycle -- due on April 10 -- but because the flaw is being actively exploited, the patch will now be released this week.

Microsoft didn't issue any security patches last month despite there being five known zero-day holes in its products -- including a bug in Word that has been used in attacks since mid-February.

Seems like these patches are like buses -- none for ages and then two come at once.

Topics: Security


Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.