As attacks escalate, Microsoft ships emergency Windows patch

Microsoft has rushed out an emergency patch for all supported versions of Windows to cover a gaping -- and under attack -- security flaw in the way shortcuts are displayed by the operating system.

The out-of-band update, rated "critical," comes less than 20 days after the discovery of a sophisticated malware attack that combined the Windows zero-day flaw with security problems in SCADA systems and used stolen signed drivers to bypass security software.

Copycat attackers also added exploits for the Windows vulnerability into malware families, putting pressure on Redmond to release today's emergency fix.

From Microsoft's MS10-046 bulletin:

The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The flaw affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

More to come...

Talkback

77 comments
  • Yet ANOTHER out-of-cycle patch for Microsoft

    For those who have been in the industry as long as I have, this out-of-cycle patch issued today by Microsoft will come as no surprise. Over the decades, Microsoft has demonstrated what can only be called massive ineptitude in dealing with critical security issues.

    Microsoft only needs to look south to their acquaintances in Cupertino to see how computer security should really be handled. We have never seen Apple release an emergency out-of-cycle patch like this. Apple teams never blog about security issues, nor do they even have to present interim workarounds for severe vulnerabilities. Has anyone ever heard about Apple setting up anything that resembles Microsoft's SDL? Of course not; only companies that write insecure code need such a thing. I'll even go so far as to say that Macintosh products are so bulletproof that Apple only needs to release security patches on an irregular and haphazard basis.

    I sincerely hope that Microsoft can learn from Apple the correct approach to securing software for the 21st century: not only to save the company, but also to protect each and every one of its customers.
    Trolleur
    • RE: As attacks escalate, Microsoft ships emergency Windows patch

      @Trolleur Seriously why post? With that handle everything that you say has "crap" stamped on it by default. I suppose you muse at people who take what you're saying seriously but seems like a waste of energy. Namely all the time you spent typing up that text.

      -M

      PS: Not to mention exploits in Apple software are well documented.
      betelgeuse68
    • RE: As attacks escalate, Microsoft ships emergency Windows patch

      @Trolleur

      Furthermore, Apple has become the world leader in insecure software. Apparently you are not quite so educated as you may think. At least MS got around this quickly whereas Apple took several months to fix the biggest internet security flaw in history. If anyone is dragging their feet that would be Apple. Furthermore it would be best if they stayed on top of their security as MS does which would help the company look like it actually cares. With Apple and its 5% market share cannot even keep up what makes them think if they ever grow to MS size in market share that they could be remotely secure. Your argument is invalid. Thanks and have a nice day iTool.
      audidiablo
      • RE: As attacks escalate, Microsoft ships emergency Windows patch

        @audidiablo

        FYI: I am 100% that Trolleur was being sarcastic.
        Edesw88
    • I give a 9.0

      @Trolleur

      Nice verbiage, good setups...but it would have been nice to see some incorporation of "you heard from", or "you talked to" an official agent...from some company.

      Overall, though, very good showing. Mike Cox would be proud.
      SonofaSailor
      • 9.0 ?

        @SonofaSailor

        Ha. Russian Judge !
        Jkirk3279
    • And you need only look in a mirror

      to discover that you are looked upon as a fool, Trolleur

      Of the many species of humanoids I have encountered in the universe, you may be one of the most irrational one I have come across.
      :|
      Tim Cook
      • Many myths are based on truth

        @Mister Spock
        "Of the many species of humanoids I have encountered in the universe, you may be one of the most irrational one I have come across."

        Ok now that's funny.

        And coming from a guy named Spock, possibly damning. ;)

        Nowhere am I so desperately needed as among a shipload of illogical humans.
        klumper
      • To the Contrary!

        @klumper Mister Spock appears to be one of the few Rational posters in this list of comments and you are most definitely chief among the shipload of illogical human fools posting here. A CrAppleTard for sure! ;)
        i2fun@...
    • I get it even if no one else did

      @Trolleur

      As one of the few that apparently understood your sarcasm, well played!!
      intechpc (GPEN, CISM, CEH, ECSA)
    • RE: As attacks escalate, Microsoft ships emergency Windows patch

      @Trolleur As many others have already said there are many security problems not only with Microsoft but with Apple and anyone who thinks their OS is "bullet" proof better save a bullet to defend themselves or commit suicide.

      So while Apple is overall a more secure OS it's far, far, from being anywhere near as safe as Linux and other industrial strength OS's. It is this underlying cult like belief that Apple is somehow perfect in the security field that will eventually result in some real problems for Apple and its users.

      But the long and short of it is that Apple while good and basically secure isn't all that much beyond MS and with most Apple users using little or no security software they are more vulnerable to a dangerous attack than most MS users.

      So wake up Mr. Trolleur and face the facts none of the software out there is nearly safe enough to declare victory over security threats. And Apple has shown no more a rush to solve those threats that its software has than any of the other consumer software OS's.

      Frank Woodman Jr.
      www.proservicesks.com
      frankinks
      • RE: As attacks escalate, Microsoft ships emergency Windows patch

        @frankinks
        "But the long and short of it is that Apple while good and basically secure isn't all that much beyond MS and with most Apple users using little or no security software they are more vulnerable to a dangerous attack than most MS users."

        OK, using a Mac, I need security software against the viruses in the wild... er... which viruses would those be?? Why there must be hundreds or even thousands of viruses that can affect my Mac..... its just that no one can seem to find them...

        Is Apple OS perfect? Of course not. But the millions of MS Windows users that have to buy your software to protect their computers should be concerned. Where are these Mac viruses? And if no one can find them, how will you protect us against them?

        Just curious.
        en
        eldernorm
    • RE: As attacks escalate, Microsoft ships emergency Windows patch

      @Trolleur
      Perhaps you should check this out!!
      http://secunia.com/advisories/product/96/?task=advisories_2010
      Disgruntled_MS_User
    • RE: As attacks escalate, Microsoft ships emergency Windows patch

      @Trolleur

      Really? You obviously don't work in the real world of technical support. Apple is so unprepared for viruses and malware that when one does show up on one of their systems, there are no removal tools and reloading the operating system is the only option. How do I know this? I send my Apple using clients to the Apple store if they get a virus, and this is their answer.

      Seriously, wake up and smell the coffee. Apple is just as susceptible to security flaws, people just don't bother as much because they are such a small percentage of the desktops.
      BD Hodge
      • RE: As attacks escalate, Microsoft ships emergency Windows patch

        @Bey Otch Yeah .. the last time I had a virus on a Mac was in 1991.
        john_gillespie@...
      • RE: As attacks escalate, Microsoft ships emergency Windows patch

        @Bey Otch
        "Apple is so unprepared for viruses and malware that when one does show up on one of their systems,"

        so you are saying that there is not one out there yet. And if we wait for a few years or so, finally one will come and then will we ever be sorry...

        Maybe.... but not as sorry as I would be if I had been using a PC all those years.

        Just a thought,
        en
        eldernorm
      • Yeah, I don't use my Mac either

        @john_gillespie Since the Mac is such a piece of crap, it's no wonder I don't get any viruses; I don't use it except to play iTunes.
        no_axe_to__grind
    • RE: As attacks escalate, Microsoft ships emergency Windows patch

      @Trolleur ... when Apple gets to the market share of Windows, they will be hacked into and messed with and you will see that no one is safe in the new age of communication.
      cito@...
      • RE: As attacks escalate, Microsoft ships emergency Windows patch

        @cito@... When do you think the Apple share of the market will be the same as Windows? Do you think it will happen because users will be tired of paying the 'MicroSoft Tax'?
        john_gillespie@...
      • Don't hold your breath.

        @cito@...

        For market share parity, that is. XP will be the target of choice for a while yet. After XP fades, all bets are off.
        Lester Young