Microsoft schedules emergency Windows patch for Monday

Microsoft this day stated it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2.

The company stated it is satisfied with the quality of the “out-of-band” update — Microsoft’s term for a patch that falls outside the usual monthly delivery schedule — but also acknowledged that it has tracked an upswing in attacks.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

“In the past few days, we have seen an increase in attempts to exploit the vulnerability,” Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), stated in a entry to the team’s blog. “We firmly believe that releasing the update out of band is the ideal thing to do to help protect our customers.”

Budd stated that Microsoft would release the patch on Monday at approximately 1 p.m. ET, 10 a.m. PT.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the “Stuxnet” worm, which targeted Windows PCs that manage large-scale industrial control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company’s antivirus products, including the free Security Essentials, stated that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

additional resources White Paper

Get the independent advice and expertise you need to support a virtual workforce.

Go inside: The three-step approach to making a virtual workforce a reality. The four flavors of client virtualization technologies. The three key initiatives that solve IT challenges. Download now » White Paper

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now » White Paper

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations select appropriate solutions.

Download now » White Paper

A common misconception is that mid-range storage requirements are dramatically different than that of a bigger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »

Microsoft schedules emergency Windows patch for Monday

Other Post:

Translation

Tag clouds

Recent Posts

Partner Links

404 Not Found