Microsoft Releases Fixes for Critical Windows Flaw

Microsoft has released an automated workaround for the recently found Windows vulnerability exploited by the cyber criminals to take control of the computers. These computers include systems used to manage sophisticated equipments at industrial facilities and power plants.

The software giant has introduced the "Fix It" tool in order to temporarily plug in the vulnerability and to prevent the attacks already exploiting this vulnerability by deactivating some icons from linked to shortcut files.

The vulnerability exists in the method Windows manages shortcut icons. The operating system fails to parse some parameters. It is possible to insert some malicious code in them. The malicious codes are automatically executed when an icon is viewed.

Cyber criminals actively exploit vulnerability in targeted attacks, said Microsoft. As per the reports, at least one customer of Supervisory Control and Data Acquisition (SCADA) software developed by Siemens has been attacked by a computer worm. The worm exploits vulnerability in Windows. The malware controls the systems used for managing highly sophisticated equipments at manufacturing plants, nuclear facilities and other industrial settings.

The vulnerability could be exploited to conduct drive-by downloads against Windows users running Internet Explorer. The criminal could create malicious website or remote network share to install malicious components from a remote location. When the user browse the website using Internet Explorer or some other file manager like Windows Explorer, Windows will try to install the icon of shortcut file. Besides, the malicious binary will be inserted.

In addition, the criminal could insert a malicious exploit in a document that help embedded shortcuts or a hosted browser control. This is not confined to Microsoft Office documents.

While the attacks recorded till now have been highly targeted, security experts warn that they could become widespread.

The vulnerability exists in different Windows platforms such as patched Windows 7 systems and Windows Vista.

The security patch issued by Microsoft gives a temporary fix until the software giant issues a new one either in periodical update cycle or out-of-band patch that fix the vulnerability for good reasons.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 8/2/2010