NEW YORK: Microsoft Corp., which issued an advisory last Thursday warning Windows users of an animated cursor flaw, said it plans to release a patch this week.
The flaw, a bug in how Windows processes animated cursor files, which are used to create cartoon-like cursors, has already led to a hacker attack, and malicious code has been made available on the net.
Microsoft originally intended to patch the flaw in its regular monthly update, but in view of the criticality of the flaw, it is coming out with a patch, possibly Tuesday.
The software maker said its own analysis of the attacks exploiting the flaw showed that the impact on customers was limited. However, it said customers must download the patch when it is made available. Customers with Windows' automatic update feature turned on will get the patch automatically; it will also be available for manual download.
The company warned Windows users to be cautious about email attachments, as a booby-trapped attachment in an email can allow a hacker to hijack the PC. Users must update their security software to stay out of the reach of the hackers, the company said.
Microsoft also said that just blocking .ani files, which invoke the animated cursors, will not work, as many attackers appear to be renaming the booby-trapped files.
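Why a file-name block fails against renamed files, as an added example that is not from Microsoft or the original report: animated cursor files are RIFF containers with the form type ACON, so a mail or web filter can recognise them from their first 12 bytes whatever the file is called. The function names and the sample attachments are constructed for illustration.

```python
import struct

RIFF_MAGIC = b"RIFF"
ANI_FORM = b"ACON"  # RIFF form type used by animated cursor files


def is_animated_cursor(data: bytes) -> bool:
    """True if the bytes start with a RIFF header whose form type is ACON."""
    if len(data) < 12:
        return False
    magic, _size, form = struct.unpack("<4sI4s", data[:12])
    return magic == RIFF_MAGIC and form == ANI_FORM


def blocked_by_extension(name: str) -> bool:
    """The weak filter: looks only at the file name."""
    return name.lower().endswith(".ani")


def blocked_by_content(data: bytes) -> bool:
    """The stronger filter: ignores the name and inspects the header."""
    return is_animated_cursor(data)


def make_riff(form: bytes, body: bytes = b"") -> bytes:
    """Build a minimal RIFF header for the constructed samples below."""
    return RIFF_MAGIC + struct.pack("<I", 4 + len(body)) + form + body


# Constructed sample attachments (name, content); none is a real file.
SAMPLES = [
    ("cursor.ani", make_riff(b"ACON")),
    ("holiday.jpg", make_riff(b"ACON")),                # cursor file renamed to .jpg
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),  # JPEG header
    ("sound.wav", make_riff(b"WAVE")),                  # RIFF, but not a cursor
]


def compare_filters(samples):
    """Return (name, extension_verdict, content_verdict) for each sample."""
    return [(n, blocked_by_extension(n), blocked_by_content(d)) for n, d in samples]


if __name__ == "__main__":
    for name, by_ext, by_content in compare_filters(SAMPLES):
        print(f"{name:12} extension filter: {by_ext!s:5} content filter: {by_content}")
```

The renamed sample passes the extension filter and is caught only by the header check, which is the gap the advisory describes.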
Different versions of Windows, including Windows Vista, XP, 2000 and Server 2000, are vulnerable to the attack. Microsoft said Outlook Express users are also vulnerable to the bug, and it has advised users to read their e-mails in plain text.
Security firms said users can protect themselves by using browsers other than Internet Explorer, such as Opera or Firefox 2.0.
Meanwhile, security firm eEye Digital Security Inc. has brought out an unofficial and temporary fix for the problem.
It is suspected that several websites, including at least two hosted in China, are offering the attack code that exploits the bug.