Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935423). This advisory addresses new public reports of very limited attacks against a newly reported vulnerability in Microsoft Windows Animated cursor handling. We’ve activated our Software Security Incident Response Process (SSIRP) and there are few items worth noting: In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability, view a specially crafted e-mail message, or opening a specially crafted email attachment sent to them by an attacker. While the attack appears to be targeted and not widespread we are monitoring the issue and will update the Advisory and blog as new information becomes available. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability and we will be working with our MSRA partners to monitor and help protect customers. Thanks, Adrian I also just wanted to drop in and make a quick update as our Secure Windows Initiative Team has been hard at work analyzing the issue throughout the day and we have identified some additional info regarding e-mail and its role as a mitigation and workaround for this attack. The mains points are: *This posting is provided “AS IS” with no warranties, and confers no rights.*