Websense, which also issued a warning Monday, wrote that a specially crafted Web site could trick a user into dragging and dropping an item from one window to the other. After the user released the mouse in the newly focused window, code could run without consent, Websense said.

Microsoft said it wouldn't issue an immediate patch, but will instead wait to issue a fix in Service Pack 2 for Windows Server 2003 and Windows XP Service Pack 3, Rathaus said. Microsoft officials were not immediately available for comment.

Related:
[pcworld.com...]

All of the updates will be detectable with Microsoft's Baseline Security Analyzer tool, and the Windows Media Player patch can be detected through Microsoft's Enterprise Scanning Tool, the company says.

Also on Tuesday, the company plans to release an updated version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

[edited by: encyclo at 5:00 pm (utc) on Feb. 15, 2006]
[edit reason] fixed link [/edit]