Published: 2007-04-02
Microsoft shifted gears over the weekend, announcing plans on Sunday to release an emergency patch for a vulnerability that the company has known about for more than three months.
The flaw, which occurs in the way that Windows handles animated cursor (.ANI) files, came to light last week, after attackers started using the vulnerability to compromise victims through Web and e-mail attacks. Security firm Determina had notified Microsoft of the vulnerability in December 2006, and the software giant planned to fix the issue in its regularly scheduled April patch, the company said.
Now, Microsoft will release the patch a week early.
"From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat--additionally, we are aware of public disclosure of proof-of-concept code," Christopher Budd, security program manager for the Microsoft Security Response Center, said in a statement posted to the group's blog. "In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007."
Reports of attacks and public exploits using the flaw in the way Windows handles animated-cursor (.ANI) files increased toward the end of last week. A group that uses compromised Web sites to redirect visitors to a number of Chinese sites hosting malicious content has begun to exploit the flaw to compromise victims' systems. Security Web site milw0rm.com is currently hosting two different exploits for the vulnerability. Both Immunity and the Metasploit Project have incorporated exploits for the issue into their security-checking software.
The flaw affects all versions of Windows, including Windows Vista, and can be exploited through Internet Explorer 6 and 7 as well as e-mail. Microsoft stated that it will continue testing the patch up until release and that an issue could be found that delays the release of the update.
Posted by: Robert Lemos
