Microsoft is warning computer users of a new attack that exploits a flaw in the way Windows runs animated cursor (.ani) files.

Users could become infected with the .ani files, which act as an alternative to the traditional arrow cursor, either by opening an email attachment or by visiting a website hosting the malicious code. The file is installed on to the recipient’s machine, allowing attackers to hijack it and leaving it open to attack.

Security experts have revealed that hackers are already known to be exploiting the vulnerability, according to reports from the Sans Internet Storm Center.

The flaw affects almost all versions of Windows and Internet Explorer, the software giant admitted. Only the latest Windows Vista operating system and Internet Explorer 7 are immune from this attack.

Alternative browsers including Firefox and Opera are protected against such a threat.