The Way I See It!

Microsoft Security Patch

Posted by Randy Hollenbeck on Aug. 19, 2010

Computer, Computer Virus, Internet

Microsoft to releases security patch for shortcut bug

The first attacks via the flaw were aimed at power station control systems Microsoft is issuing an urgent security update to fix a flaw in the way Windows handles shortcuts.

The bug means that attackers can craft booby-trapped shortcuts that allow them to take over a target computer.

Many users set up shortcuts to get to programs and places in Windows that they use regularly.

Microsoft said it was releasing the patch because it had seen an increase in the number of attacks on the vulnerability.

The patch will be released on 2 August at 1800 BST (1000 PDT). The fix will be sent out to those that automatically update their machines.  It will also be available via the Windows Update site.

The flaw was found in mid-July and allows malicious hackers to embed commands in shortcuts that are executed when that quick link is used. Every version of Windows is vulnerable to the flaw.

The first exploits of the flaw were seeded via infected USB drives and network connections. While exploitation of the flaw was limited initially, the tempo of attacks via the bug have escalated since it was discovered and publicized.

Early attacks using the bug were aimed at the software control systems for critical infrastructure such as power stations.

Microsoft is signaling the severity of the problem by releasing an update outside its usual patch cycle. Security fixes are usually issued on the second Tuesday of every month.

Christopher Budd, senior security response manager at Microsoft, wrote on the company's security blog: "We're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability"

Source: BBC