Zero-day vulnerabilities have become a common occurrence in today’s world, but the latest Windows security flaw was still hot news. Microsoft’s decision to release a fix for the problem has once again started the debate regarding the company’s traditional monthly patch cycle. Some see it as an anachronism in a cyberworld where tomorrow’s threats are increasingly unleashed today.
One of the dangers of zero-day vulnerabilities is that despite patches being available, many users remain vulnerable because not everyone installs them straight away. According to a report on the BBC News site, attackers have continued using the animated cursor bug to infect players of World of Warcraft, an online multiplayer game. The reason for this, according to the BBC, is that WoW player accounts are seen as a valuable target for cybercriminals, who view the billion-dollar online gaming market with great interest.
At the moment there are still hundreds of websites hosting malicious code that exploits the latest vulnerability, and spammers have continued mass-mailing campaigns spreading infected messages. Although Microsoft has known about the problem since December 2006, it released the fix only after widespread attacks exploiting the cursor flaw began in late March. While it only took Microsoft a couple of days to react by releasing the patch once attacks were verified, there has also been some criticism that it actually took three months for the fix to see the light of day. And despite the early release, Microsoft’s patching program for April has only just begun: next week’s scheduled release will contain fixes for at least five vulnerabilities, with a number of critical updates expected.