A new security vulnerability puts Windows users at risk of serious cyberattacks, Microsoft warned late Wednesday.

The vulnerability affects all recent Windows versions, including Vista, which Microsoft has promoted heavily for its security. The operating system software is flawed in the way it handles animated cursors, Microsoft said in a security advisory.

An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said.

“Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code,” Microsoft said in its advisory.

Animated cursors allow a mouse pointer to appear animated. The animated-cursors feature is designated by the .ani suffix, but a successful attack is not constrained by this file type, Microsoft said. As a result, simply blocking such files won’t protect a PC.