Redmond (ip-192.com): Microsoft will release an "out of band" patch today to close a loophole that has been actively exploited by hackers and cyber criminals. The vulnerability in Windows Shell affects all versions of Windows from XP to Windows 7, including Windows Server 2003, 2008, and 2008R2.
"We're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability," said Christopher Budd, a senior security response manager at Microsoft. "We firmly believe that releasing the update out-of-band is the best thing to do to help protect our customers."
Windows incorrectly parses shortcuts in a way that allows malicious code to be executed when the icon of a shortcut is displayed, Microsoft says. The vulnerability can be exploited remotely via network shares and WebDAV and locally through a malicious USB drive. Some types of documents that support embedded shortcuts can also be used to gain access and ultimately control over the computer.
The vulnerability was first found in July, and Microsoft published a workaround solution on July 16 saying that users should disable icons for shortcuts and the WebClient service. According to the Microsoft Malware Protection Center's Threat Research & Response Blog, hackers did gain temporary access to more than 8,000 computers by the end of July.
The patch will be released today at around 1.00 p.m.
Recent Comments