Microsoft to issue cursor flaw patch early

Software maker had planned to wait until April 10, but will now issue the patch Tuesday given there is a public exploit using the hole.
Written by Ina Fried, Contributor
Microsoft said Sunday night that it is planning to make available this week a patch for a Windows flaw that has already been used in an attack.

Microsoft issued an advisory on the animated cursor flaw on Thursday. By Friday, malicious code was circulating that took advantage of the hole. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

In an e-mail, Microsoft said it had originally planned to patch the flaw on April 10 as part of its regular monthly security update, but now it plans to release the patch Tuesday because of the public exploit.

"Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers," a Microsoft representative said in an e-mail.

The software maker said its analysis of the data suggests that "the attacks and customer impact is limited," but the company said that it encourages customers to download the patch when it is made available. Consumers that have Windows' automatic update feature turned on will get the patch automatically. The patch can also be downloaded manually.

Microsoft said it is working with law enforcement to track down the attackers.

Editorial standards