
Critical Exploit For Windows NT/2000/XP/Vista



Posted

From GRC.com:

At the end of March, exploitation of a previously (publicly) unknown vulnerability in Windows' animated cursor (ANI) processing was detected in the wild. This new vulnerability is now being widely exploited to install Trojan malware into unpatched Windows 2000, XP, Server 2003 and Vista systems.

All fully patched Windows systems are currently vulnerable.

Microsoft learned of this vulnerability in all versions of Windows more than three months ago, on December 20th, 2006, but did nothing to protect their customers.

Proof-of-Concept code has now been publicly released, guaranteeing rapid and widespread adoption of this exploit.

Microsoft was forced to publish this acknowledgement of the vulnerability and since they have known of it for many months they have now stated that they will be pushing out an early, out-of-cycle official update to eliminate this vulnerability on Tuesday, April 3rd, 2007.

Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update. But be sure to look for this update on or after Tuesday, April 3rd.

http://www.grc.com/default.htm

There is a temporary patch available from http://research.eeye.com/html/alerts/zeroday/20070328.html

Microsoft's patch will be released in 24-48hrs (be nice if they did this three months ago)

If you are running DEP (Data Execution Prevention) you should be safe.

Posted

The "patches" cdnvic refers to above have now been released by Microsoft.

Windows Affected Software:

- Windows 2000 Service Pack 4

- Windows XP Service Pack 2

- Windows XP Professional x64 Edition

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003

- Windows Server 2003 Service Pack 1

- Windows Server 2003 Service Pack 2

- Windows Server 2003 for Itanium-based Systems

- Windows Server 2003 with SP1 for Itanium-based Systems

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Server 2003 x64 Edition

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Vista

- Windows Vista x64 Edition

Details/Downloads HERE:

This new 0-Day Trojan malware can be executed by visiting an infected website or viewing infected email (even if your email reader is set to "Text Only"). You can also become infected by forwarding infected emails, without actually having viewed same.

NOTE: The problem appears to affect USER32.DLL. If this is the case, ALL BROWSERS MAY BE VULNERABLE (Including IE, Firefox, Opera, etc.)

Users of above OS's should download/install their particular patch, ASAP.

Again, our thanks go out to cdnvic for the heads-up.

waldwolf
