Patch available for animated cursor exploit

Microsoft today issued a security patch for a recently discovered vulnerability that can affect users of Internet Explorer 6 or 7 and Outlook 2002 (also called Outlook XP) on Windows XP.

By embedding a hacked animated cursor (.ani) file in an HTML e-mail message or Web page, a malicious individual can potentially take control of your PC. All you have to do is view the infected e-mail message or Web site. This security advisory from Microsoft has all the details.

This is not a widespread problem, but Microsoft considers the exploit potential to be serious enough that it issued a patch outside of its normal security update cycle.

Make sure you have this patch installed. Even if you have automatic updates enabled, there can be a delay before the patch is downloaded. I suggest you run Windows Update (or Microsoft Update, if installed) from your Start menu at your earliest convenience. Select the “Express” option to install critical updates. You will have to reboot your system after the patch is installed.

While we’re on the subject, there’s also a nasty virus being distributed via e-mail messages with a subject line of “Internet Explorer 7 Downloads.” Details are here. As always, common sense applies. If you don’t recognize the sender, don’t open the message.