Double 'Patch Tuesday' no April fool joke

After skipping Patch Tuesday last month, administrators will have the joy of a double patch this month -- tomorrow and next week -- because Microsoft is rushing out a fix for its Windows cursor vulnerability.

The cursor bug, which affects Windows XP and Vista, allows a specially crafted Web page or e-mail attachment to execute malicious code on victims' computer. The attack exploits a hole in a feature that allows Web sites to manipulate how the Windows' cursor is displayed.

According to an advisory published over the weekend, the software giant was going to fix the cursor vulnerability in its usual monthly patch cycle -- due on April 10 -- but because the flaw is being actively exploited, the patch will now be released this week.

Microsoft didn't issue any security patches last month despite there being five known zero-day holes in its products -- including a bug in Word that has been used in attacks since mid-February.

Seems like these patches are like buses -- none for ages and then two come at once.