San Francisco: Microsoft Corp. plans to patch a security hole in Windows on 3 April related to an animated cursor that hackers have used to launch attacks after users click on links to malicious Web sites.
Microsoft, whose Windows operating system runs on some 95% of the world’s computers, said it would release the patch outside of a regular monthly security update because it completed testing earlier than anticipated.
“Microsoft’s monitoring of attack data continues to indicate that the attacks and customer impact is limited,” the world’s biggest software maker said.
Security firm F-Secure said attacks using the flaw related to cursor animation files used by Windows intensified over the weekend, with the majority tracing back to different Chinese hacker groups.
It said most of the activity around the so-called ANI exploit has been via dozens of malicious Web sites but warned that on 1 April, the first Internet worm, able to replicate without the user doing anything to the machine, was found using the flaw to spread.
“This vulnerability is really tempting for the bad guys,” said Mikko Hypponen, chief research officer at F-Secure. “It’s easy to modify the exploit, and it can be launched via Web or e-mail fairly easily.”
Microsoft has been working to improve the security and reliability of its software as more and more malicious software targets weaknesses in Windows and other Microsoft software.