April 1, 2007 9:10 PM PDT

Microsoft to issue cursor flaw patch early

Microsoft said Sunday night that it is planning to make available this week a patch for a Windows flaw that has already been used in an attack.

Microsoft issued an advisory on the animated cursor flaw on Thursday. By Friday, malicious code was circulating that took advantage of the hole. (For more details, see the CNET Security Center, "Windows animated cursor attack.")

In an e-mail, Microsoft said it had originally planned to patch the flaw on April 10 as part of its regular monthly security update, but now it plans to release the patch Tuesday because of the public exploit.

"Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers," a Microsoft representative said in an e-mail.

The software maker said its analysis of the data suggests that "the attacks and customer impact is limited," but the company said that it encourages customers to download the patch when it is made available. Consumers that have Windows' automatic update feature turned on will get the patch automatically. The patch can also be downloaded manually.

Microsoft said it is working with law enforcement to track down the attackers.

See more CNET content tagged:
patch, software company, attack, Microsoft Corp., e-mail

59 comments

Join the conversation!
Add your comment
Ahhh the speed . . .
The first story I read on this flaw last week said that MS has been
aware of it since January . . . They wait till it's publicly exploited to
release an "early" patch?
Posted by K.P.C. (227 comments )
Reply Link Flag
I feel so secure...
being in Mamma Microsofts tender loving prtective arms.
Posted by Ted Miller (305 comments )
Link Flag
ahh the speed
The exploit may only work if ie7 is run with protected mode off, thats what the patch is for!
Posted by ITprosupport (30 comments )
Link Flag
As a sysadmin who distributes Microsoft patches...
Please say this is an April Fool's joke? Once a month is enough, thank you very much!
Posted by erblemoof (2 comments )
Reply Link Flag
Getting attacked is easier on sysadmins?
I support Microsoft releasing patches when they know about problems, not simply an arbitrary time of the month. As a sysadmin, it's up to you to protect the systems you are responsible for, and maybe you should have an automatic update rollout system in place.
Posted by paul.saulnier (67 comments )
Link Flag
And?
Strangley I patched my Linux distro this morning for an exploit known since November...

Your point is?
Posted by wolivere (780 comments )
Reply Link Flag
And?
Strangley I patched my Linux distro this morning for an exploit known since November...

Your point is?
Posted by wolivere (780 comments )
Reply Link Flag
They should really publicize the workaround now:
Switch to Firefox and Thunderbird. They're not vulnerable.
Posted by fcekuahd (244 comments )
Link Flag
Ragging on Microsoft...
What is the point of ragging on MS? No company on this planet is perfect. ANYTHING created by human beings will be flawed in one way or another.

Also, how is it MS's fault that unscrupulous and ignorant individuals take advantage of technology? Do we blame the inventor of e-mail for SPAM? Heck, do we blame all the people who brought us Internet technology for all the mayhem and problems that people who are looking to make a quick buck cause?

Human beings have an insane instinct to see those who are "On Top" come tumbling down to the bottom of the barrel. If MS Windows wasn't installed on Over 90% of computers around the world, then it would be some other OS and people would still complain about that!

Bill Gates is FILTHY RICH because he focuses on the Big Picture. Business is not about pleasing all of the people all of the time. Business is about pleasing enough people to make a fortune and keeping those people pleased to continue making a fortune.

Apple is not as big as MS, but they still make money by pleasing enough people to keep them in business so they keep making money.

If MS closed shop today, who do you think would take over? We have two viable choices as far as I can see: Apple or Linux. Apple would most likely win, becuase Linux is too confusing for the average user. Then Apple would be in the same spot as MS.

All in all, people are just never satisfied and will always find something to complain about, no matter how trivial or insignificant that "something" may be.

I do not work for MS and I am not an advocate for MS. All I want from MS are products that will help me get what I need to get done faster and more efficient. End.
Posted by DemePoole (33 comments )
Reply Link Flag
Well said.
I couldn't agree with you more. Well said, on all points across the board. The business situation today demands that ONE standard OS, and a common set of standards for applications installed on that OS, exists, and only that will succeed.

People, especially tech heads, will always find something to ***** about. That goes double for anything PC related that's marketed to the mass market.
Posted by lfagius (27 comments )
Link Flag
Correct!
Wonderful!
Excellent and right to the point!
Why do I not see Remington blamed for all the people using their shotguns to rob banks?
Or FORD for all the runaway cars?
Or city counsels for pickpocketing and pilfering in the streets?
People shall always be people!
Posted by Kostagh (57 comments )
Link Flag
Yeah, but... pwned by a mouse cursor?
I mean... c'mon, you have to admit that it's pretty mickey mouse when a [i]mouse cursor[/i] can turn your machine into a zombie...

/P
Posted by Penguinisto (5042 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.