Security Flaw in Windows Cursor Surfaces

April 3, 2007: Another day, another Windows flaw it seems. This time malicious coders are taking advantage of an animated cursor vulnerability that can be exploited to create a “crash restart loop” in Vista.

Launched by clicking an infected email or visiting a malicious website, the zero day flaw currently effects all versions of Windows from 2000 onwards as well as Internet Explorer 6 and 7.

Dubbed the “Fubalca” worm, it has appeared on over 100 websites over the last 24 hours or so, the threat moving rapidly from targeted to a widespread attack. Both Microsoft and various security firms have labelled Fubalca a serious threat, so much so Microsoft has prioritised its patch for the flaw that it plans to release as a critical update today.

The worm is disguised as an Internet Explorer 7 beta, and because it is so similar to a legitimate bete it is proving problematic for antivirus software to spot.

While the patch is out today, since the exploit requires users to click on it to launch as always the best protection is a wary attitude towards unknown emails and websites.

Comment on this story