In a security advisory posted on the Microsoft Security Response website this morning, the company acknowledged a vulnerability in the way Windows handles animated cursors, which could allow remote code execution on a user's machine. "An attacker could try to exploit the vulnerability by creating a specially crafted Web page," the company warned on its website. "An attacker could also create a specially crafted email message and send it to an affected system. Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment, the attacker could cause the affected system to execute code." According to Microsoft, the affected versions of Windows are Vista, Windows 2000, Windows XP and Windows Server 2003. Vista users running IE7 in its default configuration are currently protected by the browser's protected mode, though the user can disable this feature.
For more on the bug:
- see this security advisory [1] at TechNet
ALSO: Has Microsoft known about this bug since December? Article [2]