Microsoft said today that it is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, users must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

Microsft said that the vulnerability issue has been confirmed and that it has planned a security update through its monthly release process or by providing an out-of-cycle security update. The vulnerability affects Windows 2000, XP, 2003 as well as Windows Vista.

In the meantime, Microsoft advices users to exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.