August 2, 2010

Microsoft Releasing Urgent Security Patch

Microsoft is issuing an urgent security flaw update for the Windows' shortcut feature.

The bug allows attackers to booby-trap shortcuts which help them take over a target computer.

According to BBC, the software giant said that it released the patch because it had seen an increase in the number of attacks on the vulnerability.

The patch is being released today and will be sent out to those that automatically update their machines.  It will also be available via the Windows Update site.

The flaw was discovered in mid-July and allows hackers to embed commands in shortcuts that are executed when that quick link is used or viewed.  Every version of Windows is vulnerable to the flaw.

The flaw was seeded through infected USB drives and network connections.  The tempo of attacks through the bug has escalated since it was discovered and publicized.

Early attacks using the bug were aimed at the software control systems for critical infrastructure like power stations.

Microsoft is releasing an update outside its usual patch cycle.  Security fixes are usually issued on the second Tuesday of each month.

Christopher Budd, senior security response manager at Microsoft, wrote on the company's security blog: 

"We're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability".


On the Net: