Microsoft will patch the increasingly dangerous Windows animated cursor vulnerability tomorrow, a week early, a spokesman of the company's security team says.
"Microsoft originally planned to release the update on Tuesday, April 10, as part of its regular monthly release of security bulletins," the spokesman says in an email. "However, Microsoft is aware of the existence of a public attack utilizing the vulnerability, [and] since testing has been completed, Microsoft will release the update ahead of schedule to help protect customers."
The announcement followed a weekend of escalating warnings from security organisations and reports from China's Internet Security Response Team of a worm in the wild using the unpatched vulnerability. Symantec and other antivirus companies confirmed the existence of the Fubalca worm on Sunday.
Over the weekend, a number of events showed the speed with which attackers were moving. First, exploit source code was publicly posted on a security mailing list, then McAfee says it had seen at least one spam run that linked to the exploit, and finally, Websense claimed that it had spotted more than 100 malicious sites spreading the exploit, a tenfold increase over the day before.
Last Saturday, Microsoft's Security Response Centre (MSRC) added Windows Server 2003 Service Pack 2 to the long list of Windows editions affected by the bug. Christopher Budd, an MSRC program manager, acknowledged that attacks leveraging the flaw had increased. "In light of these points and based on customer feedback, we have been working around the clock to test this update," Budd says on the MSRC blog.
The emergency fix, pegged as MS07-017, will be released through Microsoft's normal channels, including Automatic Updates, Windows Update and the enterprise-oriented Windows Server Update Services. MS07-017 will be only the third out-of-cycle patch from Microsoft in more than two years.