Patch for the Vulnerability in Windows Animated Cursor Handling
Microsoft has announced on their blog that they are testing and preparing a patch for the latest vulnerabilty in Windows Animated Cursor Handling, and that they are preparing to release it this Tuesday, April 3, 2007. The blog said attacks using the vulnerability have been growing over the weekend and they are aware of the publishing of the proof of concept code.
We have some new information tonight on the status of the security update that we?re working on that addresses the vulnerability in Windows Animated Cursor Handling.
From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.
I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it?s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know. Source: Latest on security update for Microsoft Security Advisory 935423
They can release a patch for this vulnerability so quickly because they already knew about it in December 2006 and have been working on fixing the code already. I guess we can call this a special patch Tuesday, and the security bulletin from Microsoft says the patch will require a restart. The Technet webcast will be Wednesday, 11 April 2007 11:00 AM (GMT-08:00) Pacific Time (US & Canada).