News

Microsoft issues 'early' patch for cursor flaw

Microsoft is to issue an “early” security patch tomorrow to help tackle a critical security problem in Windows.

The patch for Windows Animated Cursor Handling is in response to widespread attacks in the wild using the flaw.

The affected Windows feature is used to create custom cursor solutions in the OS.

One security software vendor, eEye Digital, has already issued its own unofficial fix for the problem, something Microsoft does not recommend its users to download.

Microsoft wasn’t scheduled to release any further patches until next Tuesday (10 April), as part of its monthly security update.

But a Microsoft spokesman said, “From our ongoing monitoring of the situation, we can say that over this (last) weekend attacks against this vulnerability have increased somewhat.

“Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday 3 April.”

Microsoft said it had been aware of the problem since last December, and claimed it was planning to issue a fix for the flaw on 10 April.

The firm admits however that it is still testing the patch for tomorrow and warns it might be delayed if problems are found with it.

Users will no doubt be asking what the company has been doing about the problem since last December.

For its part, eEye Digital says it notified Microsoft that a related fix two years ago did not address the latest problem.

Fellow security firm Determina confirmed the problem to Microsoft last December. Microsoft has not explained why it has taken so long to fully address the problem.

E-mail worm poses as Microsoft invitation


Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy