Microsoft Issues Out-Of-Band Update To Fix Windows Vulnerability

Microsoft, on August 2, 2010, issued an emergency patch for plugging a hole in Windows operating system which cyber-criminals have been aggressively abusing. Earlier, on June 30, 2010, it had declared that owing to constantly rising malware attacks through the zero-day flaw, the company would issue an update to fix the bug even before the usual schedule of its update release.

It further stated that with the flaw, attackers could execute remote code during the display of an icon for a maliciously created shortcut. The statement, which was released through one "critical" security bulletin, in addition included that any attacker who managed to effectively exploit the flaw could acquire the same privileges like those of the host operator.

Reportedly, Microsoft released an advisory on July 16, 2010 regarding the Windows Shell flaw that lets attackers to abuse malware during the display of an icon of a shortcut. States Microsoft that an attack is possible through a USB drive, via WebDay and network shares, or within particular kinds of documents which host implanted shortcuts.

Said senior research manager Ben Greenbaum at Symantec Security Response, the vulnerability being of high profile naturally prompted Microsoft to treat it urgently. Redmondmag.com published this on August 2, 2010.

Greenbaum further said that following Microsoft's decision, other variants had surfaced like "Changeup" that could spread the Tidserv Trojan.

Notably, Microsoft released the emergency update a few days before its routine Patch Tuesday for every month that's next scheduled for August 10, 2010. Said security expert and CTO Wolfgang Kandek at Qualys, the brisk provision of the out-of-band fix was due to the growing number of assaults that reportedly exploited the .LNK vulnerability. Redmondmag.com published this. Kandek further noted that it was possible to exploit the vulnerability also via methods other than those using shortcut files.

Conclusively, computer-users having active Windows software have been urged towards installing the patch without delay. Said Christopher Budd, response manager for Microsoft Trustworthy Computing, the organization strongly believed that its customers could be best protected via issuing the update without necessarily waiting for the Patch Tuesday cycle. AFP published this on August 3, 2010.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 8/12/2010