How about this for a revelation - leading open source security vendor Sourcefire have said that they sorted out the Microsoft animated cursor flaw ages ago. This flaw activates even if you just visit a compromised website using Internet Explorer, causes your PC to persistently reboot and could allow remote access for hackers and eventually, zombification of your system.

In fact Sourcefire's vulnerability research team (VRT) have known about this problem for over two years, and actually "created a rule that was added to the VRT Certified Ruleset on January 17, 2005. Sourcefire VRT Certified Ruleset users have been protected against exploits targeting this vulnerability for more than 700 days." The Snort intrusion prevention system uses these rules, so if your firm uses Snort, it would have been a case of "Animated cursors? No problemo".

The flaw was eventually sorted by an out-of-cycle emergency patch (MS07-017) by Microsoft, announced through Security Advisory 935423 on 29 March. I did apply the patch as soon as it became available, although luckily I wasn't running some of the third party apps that the patch broke. Funnily enough, I did get the email promising me nude pictures of Paris Hilton and Jenna Jameson the next day. Had I decided in the interests of journalism to click on this link, any animated cursors would have drawn animated curses from me, since this could have eventually led to the Iffy-b Trojan getting onto my system.

Did Sourcefire inform Microsoft of this flaw? If they did, then are the people who've been knobbled by this exploit legally entitled to sue Microsoft? Well, let's leave that to our old 'friends', the lawyers.