Microsoft just released the security update, MS07-017, that addresses the vulnerability in Windows Animated Cursor Handling.
MSRC blog: We are encouraging customers to test and deploy this update as quickly as possible as well as ensure that you have the latest signatures and updates for your security products such as antivirus. Home users or Small Business Users who have followed best practices and configured Automatic Updates (AU) will automatically receive this update and do not need to take any additional action. For Business Users those of you who are using Windows Server Update Services (WSUS) and Systems Management Server (SMS) can use these to automatically detect and deploy the update.
We noted in our original advisory that attacks against this vulnerability affect all supported versions of Windows and Windows Server, including Windows Vista, and have been web-based and e-mail based. If you are using Windows Vista, the Internet Explorer 7 protected mode provides additional protections against web-based attacks. Also, if you’re using Outlook 2007, you’re protected against e-mail based attacks. And running as a standard user further protects you by limiting the attacker’s code with the same limitation on the logged-on user. We call these out in the Mitigating Factors section of the security bulletin MS07-017.
• Microsoft Windows 2000 Service Pack 4 — Download the update
• Microsoft Windows XP Service Pack 2 — Download the update
• Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 — Download the update
• Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 — Download the update
• Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — Download the update
• Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 — Download the update
• Windows Vista — Download the update
• Windows Vista x64 Edition — Download the update