Microsoft Patches Ahead of Schedule

by CXOtoday Staff    Apr 04, 2007

Deviating from its usual monthly patch cycle, Microsoft has released several critical patches a week ahead of its regular schedule.

The patches are for Windows 2000, XP, Server 2003 and Vista, and will address seven flaws, including the vulnerability in Windows animated cursor handling. Two of the patches are for Vista.

The bulletin summary released on April 3, 2007 recommends that customers should apply the update immediately as this vulnerability has been rated as critical. The patches can be installed through Software Update or downloaded from Microsoft’s web site.

The ANI vulnerability is being exploited since last week, with activity intensifying during the weekend. Microsoft was aware of this vulnerability since December, when it had been warned by Determina Security Research.

Christopher Budd, Microsoft Program Manager wrote on the company’s Security Response Center blog, “We’ve released the security update, MS07-017, that addresses the vulnerability in Windows Animated Cursor Handling. We originally planned to release the update on Tuesday, April 10, 2007 as part of our regular monthly release of security bulletins. We have been monitoring the situation throughout and our indications, and those of our MSRA partners, show there is a threat for attacks against this vulnerability to increase although we haven’t seen anything widespread. Based on customer feedback and our teams’ ability to complete testing in an expedited manner by working around the clock, we’ve gone ahead and released this update early to help better protect customers from this threat.”

Microsoft released similar unscheduled fixes in January and September last year.