Windows flaw gets critical, patch coming tomorrow

Remember that zero-day bug that was recently discovered in Windows Active Cursor? Well, if you were hoping that it was all going to simply blow over, today is not your lucky day. Exploit code is now being used on 150 websites that take advantage of the vulnerability, causing memory corruption in unsuspecting PCs. As reported earlier, the flaw effects users running Windows Vista, Windows 2000, Windows XP and Windows Server 2003. Due to the exploits in the wild, Microsoft has vowed to release an out-of-cycle patch tomorrow, instead of waiting for the regularly-scheduled Patch Tuesday on the 10th of this month.

For more on the exploit:
- see this ZDnet article for a list of the malicious sites
- and this CNET article for more on the forthcoming patch