As attacks escalate, Microsoft ships emergency Windows patch

Summary:Microsoft has rushed out and emergency patch for all supported versions of Windows to cover a gaping -- and under attack -- security flaw in the way shortcuts are displayed by the operating system.

Microsoft has rushed out and emergency patch for all supported versions of Windows to cover a gaping -- and under attack -- security flaw in the way shortcuts are displayed by the operating system.

The out-of-band update, rated "critical," comes less than 20 days after the discovery of a sophisticated malware attack that combined the Windows zero-day flaw with security problems in SCADA systems and used stolen signed drivers to bypass security software.

Copycat attackers also added exploits for the Windows vulnerability into malware families, putting pressure on Redmond to release today's emergency fix.

From Microsoft's MS10-046 bulletin:

The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The flaw affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

More to come...

Topics: Operating Systems, Microsoft, Security, Software, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.