Microsoft plans to patch a security hole in Windows on Tuesday related to an animated cursor that hackers have used to launch attacks after users click on links to malicious Web sites. Microsoft said it would release the patch outside of a regular monthly security update because it completed testing earlier than anticipated.

Security firm F-Secure said attacks using the flaw related to cursor animation files used by Windows intensified over the weekend, with the majority tracing back to different Chinese hacker groups.

It said most of the activity around the so-called ANI exploit has been via dozens of malicious Web sites but warned that on Sunday the first Internet worm, able to replicate without the user doing anything to the machine, was found using the flaw to spread.

Microsoft said it was working with authorities investigating the latest attacks and that consumers could visit Microsoft Update or Windows Update or get more information at www.microsoft.com/athome/security.