Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

As attacks escalate, Microsoft ships emergency Windows patch

By | August 2, 2010, 11:59am PDT

Summary: Microsoft has rushed out an emergency patch for all supported versions of Windows to cover a gaping — and under attack — security flaw in the way shortcuts are displayed by the operating system.

The out-of-band update, rated “critical,” comes less than 20 days after the discovery of a sophisticated malware attack that combined the Windows zero-day flaw with security problems in SCADA systems and used stolen signed drivers to bypass security software.

Copycat attackers also added exploits for the Windows vulnerability to malware families, putting pressure on Redmond to release today’s emergency fix.

From Microsoft’s MS10-046 bulletin:

The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The flaw affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

More to come…

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

77
Comments

RE: As attacks escalate, Microsoft ships emergency Windows patch
mintalaska 7th Aug 2010
@MSFTWorshipper Want a worry-free platform, buy a Mac.

Or get Linux and be done with it! But if I did not have Linux I would have a Mac, and C-64 before Windows!!
0 Votes
+ -
For those who have been in the industry as long as I have, this out-of-cycle patch issued today by Microsoft will come as no surprise. Over the decades, Microsoft has demonstrated what can only be called massive ineptitude in dealing with critical security issues.

Microsoft only needs to look south to their acquaintances in Cupertino to see how computer security should really be handled. We have never seen Apple release an emergency out-of-cycle patch like this. Apple teams never blog about security issues, nor do they even have to present interim workarounds for severe vulnerabilities. Has anyone ever heard about Apple setting up anything that resembles Microsoft's SDL? Of course not; only companies that write insecure code need such a thing. I'll even go so far as to say that Macintosh products are so bulletproof that Apple only needs to release security patches on an irregular and haphazard basis.

I sincerely hope that Microsoft can learn from Apple the correct approach to securing software for the 21st century: not only to save the company, but also to protect each and every one of its customers.
0 Votes
+ -
@Trolleur Seriously why post? With that handle everything that you say has "crap" stamped on it by default. I suppose you muse at people who take what you're saying seriously but seems like a waste of energy. Namely all the time you spent typing up that text.

-M

PS: Not to mention exploits in Apple software are well documented.
@Trolleur

Furthermore, Apple has become the world leader in insecure software. Apparently you are not quite so educated as you may think. At least MS got around this quickly whereas Apple took several months to fix the biggest internet security flaw in history. If anyone is dragging their feet that would be Apple. Furthermore it would be best if they stayed on top of their security as MS does which would help the company look like it actually cares. With Apple and its 5% market share cannot even keep up what makes them think if they ever grow to MS size in market share that they could be remotely secure. Your argument is invalid. Thanks and have a nice day iTool.
@audidiablo

FYI: I am 100% that Trolleur was being sarcastic.
0 Votes
+ -
I give a 9.0
SonofaSailor 2nd Aug 2010
@Trolleur

Nice verbiage, good setups...but it would have been nice to see some incorporation of "you heard from", or "you talked to" an official agent...from some company.

Overall, though, very good showing. Mike Cox would be proud.
0 Votes
+ -
9.0 ?
Jkirk3279 7th Aug 2010
@SonofaSailor

Ha. Russian Judge !
0 Votes
+ -
And you need only look in a mirror
Mister Spock 2nd Aug 2010
to discover that you are looked upon as a fool, Trolleur

Of the many species of humanoids I have encountered in the universe, you may be one of the most irrational ones I have come across.
plain
0 Votes
+ -
Many myths are based on truth
klumper 2nd Aug 2010
@Mister Spock
Of the many species of humanoids I have encountered in the universe, you may be one of the most irrational ones I have come across.

Ok now that's funny.

And coming from a guy named Spock, possibly damning. wink

Nowhere am I so desperately needed as among a shipload of illogical humans.
0 Votes
+ -
To the Contrary!
i2fun@... 3rd Aug 2010
@klumper Mister Spock appears to be one of the few Rational posters in this list of comments and you are most definitely chief among the shipload of illogical human fools posting here. A CrAppleTard for sure! wink
0 Votes
+ -
I get it even if no one else did
intechpc (GPEN, CISM, CEH, ECSA) 3rd Aug 2010
@Trolleur

As one of the few that apparently understood your sarcasm, well played!!
@Trolleur As many others have already said there are many security problems not only with Microsoft but with Apple and anyone who thinks their OS is "bullet" proof better save a bullet to defend themselves or commit suicide.

So while Apple is overall a more secure OS it's far, far, from being anywhere near as safe as Linux and other industrial strength OS's. It is this underlying cult like belief that Apple is somehow perfect in the security field that will eventually result in some real problems for Apple and its users.

But the long and short of it is that Apple while good and basically secure isn't all that much beyond MS and with most Apple users using little or no security software they are more vulnerable to a dangerous attack than most MS users.

So wake up Mr. Trolleur and face the facts none of the software out there is nearly safe enough to declare victory over security threats. And Apple has shown no more a rush to solve those threats that its software has than any of the other consumer software OS's.

Frank Woodman Jr.
www.proservicesks.com
@frankinks
"But the long and short of it is that Apple while good and basically secure isn't all that much beyond MS and with most Apple users using little or no security software they are more vulnerable to a dangerous attack than most MS users."

OK, using a Mac, I need security software against the viruses in the wild... er... which viruses would those be?? Why there must be hundreds or even thousands of viruses that can affect my Mac..... its just that no one can seem to find them...

Is Apple OS perfect? Of course not. But the millions of MS Windows users that have to buy your software to protect their computers should be concerned. Where are these Mac viruses? And if no one can find them, how will you protect us against them?

Just curious.
en
0 Votes
+ -
RE: As attacks escalate, Microsoft ships emergency Windows patch
Disgruntled M$ User Updated - 3rd Aug 2010
@Trolleur
Perhaps you should check this out!!
http://secunia.com/advisories/product/96/?task=advisories_2010
@Trolleur

Really? You obviously don't work in the real world of technical support. Apple is so unprepared for viruses and malware that when one does show up on one of their systems, there are no removal tools and reloading the operating system is the only option. How do I know this? I send my Apple using clients to the Apple store if they get a virus, and this is their answer.

Seriously, wake up and smell the coffee. Apple is just as susceptible to security flaws, people just don't bother as much because they are such a small percentage of the desktops.
0 Votes
+ -
@Bey Otch Yeah .. the last time I had a virus on a Mac was in 1991.
@Bey Otch
"Apple is so unprepared for viruses and malware that when one does show up on one of their systems,"

so you are saying that there is not one out there yet. And if we wait for a few years or so, finally one will come and then will we ever be sorry...

Maybe.... but not as sorry as I would be if I had been using a PC all those years.

Just a thought,
en
0 Votes
+ -
Yeah, I don't use my Mac either
no_axe_to__grind 4th Aug 2010
@john_gillespie Since the Mac is such a piece of crap, it's no wonder I don't get any viruses; I don't use it except to play iTunes.
@Trolleur ... when apple gets to the market share of windows, they will be hacked into and messed with and you will see that no one is safe in the new age of communication.
0 Votes
+ -
@cito@... When do you think the Apple share of the market will be the same as Windows? Do you think it will happen because users will be tired of paying the 'MicroSoft Tax'?
0 Votes
+ -
Don't hold your breath.
Lester Young 3rd Aug 2010
@cito@...

For market share parity, that is. XP will be the target of choice for a while yet. After XP fades, all bets are off.
0 Votes
+ -
What breath...
LTV10 3rd Aug 2010
For market share parity, that is. XP will be the target of choice for a while yet. After XP fades, all bets are off.

@Lester Young
Riiight, and I have a bridge to sell you. How big do you want it?
@cito@... "when apple gets to the market share of windows," That will never happen, Apple will never be worth a hacker wasting their time on. At CanSecWest Pwn2Own, Apple is worth it, and Charlie Miller has his way with it and makes a MacBook Pro OS X his beeoch every year, and then he takes it home. He says they're easy, and he pretty much proves it.
0 Votes
+ -
@Trolleur Biggest laugh I've had in ages reading your post. But sorry.... no applause or standing ovations will be awarded for your display of your iNazi intelligence level, which even skinheads come score at least a few! haha.....


Nor for your blatant attempt to yet again mark respondents comments as Spam as you and your ilk seem to be so apt to do! ....you CrApple die hearts are so ignorant of what Spam is, haven't gotten for years out of Steve's Mouth!!!
@i2fun@... Holy crap, you're an idiot.
0 Votes
+ -
@i2fun is jealous..
LTV10 3rd Aug 2010
...that he found an idiot as big as himself.

lol... grin
@Trolleur

Oh my another Steve Jobs prison ^itch.
@Trolleur
Not telling anyone about vulnerabilities and not patching systems is not (not!) the way to handle security, thank you very much.
@Trolleur Considering so many people actually thought Trolleur was serious, what does that say about a lot of Apple fan boys. I was actually buying it for a second because it sounded a lot like the real thing. And it was pretty over the top. Great work dude.
0 Votes
+ -
You literally make no sense.

A problem got fixed today, expedited because it was important.

That is all the news there is.
0 Votes
+ -
Intellectually challenged - edited.
Economister Updated - 2nd Aug 2010
@Narr vi

It appears you meant to reply to "Trolleur" but misplaced your reply and did not follow protocol. I thought your post was directed at the blogger.

My apologies.
0 Votes
+ -
Protocol blues
klumper 2nd Aug 2010
@Economister

Weighing in only to say that he did identify Trolleur by name in his subject line, which basically suffices. But more importantly, what good does it do to "follow protocol" when half the time the protocols are broken? (i.e. ever since the latest spring remake of the board). Or have you yet to notice?

I'll give you a further clue or two in this regard:

... hits *Reply to* button per "normal" protocol:

[click] *Error on page*

[click] *This message has been reported as spam*

[click] *This message has already been posted*

[click] message simply disappears, never to be seen again

[click] [click] [click] *crickets*

grrrrrr ... sad

Goes to *Add Your Opinion* with same message:

[click] Successfully posts! wink

With me now?
Thanks, klumper. It's exactly as you say.

And, when I wanted to reply to your post, there was no button to do so. QED.

Regards,
narr vi
@Economister, no problem.

narr vi
0 Votes
+ -
Not really
Economister 2nd Aug 2010
@klumper

sure about the purpose of your post, humor or ridicule, but you failed at both. The at symbol "@" is what identifies the post as a response, hence the alias only generally does NOT suffice despite your assertions to the contrary. If the "@" is missing I will not look up for the original comment, but instead assume that whatever is typed is part of the post.

Are you with me? That is a more important question, since you seem to be struggling with some basic concepts.
0 Votes
+ -
Wanna fumble again?
klumper 2nd Aug 2010
@Economister
Are you with me? That is a more important question, since you seem to be struggling with some basic concepts.

That's odd, only you seem to be lost.
@Narr vi You did notice that he put the word TROLL right in his title. (TROLL-eur) as in a Frenchman who Trolls.
of course, my son.

Just to add, when I wrote that you were excused in French, the ZDNet forum said my message was then flagged as spam!

Looks like klumper is exactly correct.

And by the way, accents had nothing to do with it, as there weren't any.
0 Votes
+ -
@Narr vi Fixed today but my clients started having problems 20 days ago. MS knew about it but didn't warn its users.
Good, one less vulnerability in Microsoft systems. Notice how the attacks didn't start coming on until after this information was made public? Not a big deal anyway, this isn't the first time Microsoft has released a patch that was out of band and probably won't be the last. Seems like the bloggers are more interested in saying that it's out of band than the severity of the actual vulnerability.
@Loverock Davidson Well, it was pretty severe and actually took advantage of several exploits that were supposedly patched already. But, they did fix it...I mean hopefully...Well, as long as that doesn't get bypassed. But then I'm sure they'll fix it again.
0 Votes
+ -
Pretty severe? Hardly.
ye 2nd Aug 2010
@Socratesfoot: This was no more severe than any other user land vulnerability. Which makes me wonder why MS felt the need to ship an out-of-cycle patch for it.
0 Votes
+ -
What makes me wonder, ye...
LTV10 3rd Aug 2010
...is why you're not in charge of Micro$oft since you seem to know more about it than they do.
This is just another Microsoft SNAFU, as the applied patch on Windows XP SP3 hoses all of the icons not already in explorer.exe, so effectively, all desktop and menu system icons revert to the generic windows icon.

Alright for those who don't care, but I do, so I removed the "patch/fix" only to find that the icons were still hosed and could not be displayed. It took manual registry edits to restore the proper icons, and I quickly went back to the Sophos fix, which did not change the overall behavior of my system.

Thanks for another great job, Microsoft [Not]

I'm not sure if this happens on Windows 7 or Vista machines, because I deployed the "fix" on my XP laptop first. My desktops with 7 and or Vista will not see the Microsoft fix until it really is one.
@chrome_slinky@, the unfix works fine on Windows 7.

You do have to reboot in order to see the icons back. This was cleverly hidden by the apparent termination of the unfix, thus I wrote them a note on their 'did we help' query.

The reboot request does come up as required _after_ you think it's missing and have noted like this and finally, actually closed the unfix.

Now all icons are back to showing.
0 Votes
+ -
perhaps this is another nudge
chrome_slinky@... Updated - 2nd Aug 2010
@Narr vi

for those of us who don't have the "windows 7 religion" to update. I have 2 copies of Windows 7 Ultimate (one of them a real Steve Ballmer signature version - oh boy!) but my laptop works fine with XP and would be a real pig with Windows Vista or 7.

The thing is, since Microsoft says they are supporting XP SP3, the fix I have witnessed is not an acceptable one. It is simply an automated application of a stop-gap measure.
@chrome_slinky@...: I get the impression you're referring to the temporary fix and not the just released patch.
@ye
You are right! And he is on all of the boards trying to sell this wives' tale and no one is buying. Pitiful, really pitiful!
0 Votes
+ -
Fair is fair....
James Quinn 2nd Aug 2010
I've applauded Apple for patching quickly or at least before a vulnerability is actually exploited. If MS patches quickly in response to a potential exploit/vulnerability good for MS.

Pagan jim
@James Quinn
If Microsoft patches this vulnerability as fast as Apple, we would be waiting another two months for the patch.