Skip to Navigation | Skip to Content

Windows Animated Cursor Attack

« Call For Nominations: Sadowsky Prize | Main | Service Improvements to NYU Email, Apr. 3 »

On Wednesday, March 28, Microsoft announced a new vulnerability that targets the "animated cursor" function in Internet Explorer 6 and 7.

Animated cursors are used on different websites for legitimate reasons. However, this latest vulnerability uses the animated cursor function to install and execute a trojan file on the victim computer. Infected computers may be controlled by a remote attacker, who may install a keylogging tool or other malicious files

The attack does not require any user interaction. Computers can be compromised simply by visiting a website that contains the malicious code. The infection happens in the background and the user may not be aware that the computer is compromised.

This vulnerability affects the following operating systems:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • (See link below for more Operating Systems)

Vista's IE 7 in protected mode shields the computer against drive-by installations.

There are no patches for the vulnerability at this time. Microsoft suggests that customers avoid visiting unknown websites or open email from unknown, untrusted addresses. It is also suggested that users open emails in plain text format since it will reduce the risk of malicious code executing.

Read more about this alert on Microsoft's Security Bulletin website:

Microsoft Security Advisory (935423)

UPDATE 04/09/07

Microsoft has released a critical update that fixes the Animated cursor vulnerability. You can download and install the latest patches by following the link below:

Microsoft Windows Update