Microsoft issued an out-of-band patch to address a critical vulnerability in the way Windows parses .LNK shortcut files, which opens the door to an attack. Malware associated with the vulnerability has already been spotted in the wild.
Microsoft released an out-of-band patch to address a
"critical" vulnerability in how Windows handles shortcuts, as outlined in Microsoft
Security Bulletin MS10-046
"This security update addresses a vulnerability in the
handling of shortcuts that affects all currently supported versions of Windows
XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2," Christopher
Budd, response manager for Microsoft's Trustworthy Computing division, wrote in an Aug. 2 posting on the
Microsoft Security Response Center blog
. "As our colleagues over in the
MMPC [Microsoft Malware Protection Center] have noted, several families of
malware have been attempting to attack this vulnerability.
The security update protects against attempts to
exploit this issue."
The vulnerability targets the way Windows parses .LNK shortcut
files. In theory, an attacker could exploit the vulnerability locally, via a
malicious USB drive, or over network shares and WebDAV. Documents that support
embedded shortcuts could also be leveraged for an attack.
associated with the vulnerability includes Stuxnet
, which targets Siemens'
SCADA (supervisory control and data acquisition) software used by industrial
companies. Specifically, Stuxnet uses default passwords in an attempt to
connect with databases associated with SCADA systems, in order to collect
information and obtain possibly vital files. Siemens responded with a patch
July 22 for organizations at risk of attack.
Within a few days of Stuxnet's appearance, Sophos
security researchers found two more malware exploiting the Windows
: one a keylogging Trojan termed "Chymin-A" by Sophos, and the
other a "worm written in obfuscated Visual Basic" termed Dulkis-A.
Microsoft made a handful of high-profile announcements at
this July's Black Hat 2010 security conference, including Adobe Systems' decision
to begin informing vendors of software vulnerabilities via the Microsoft Active
Originally launched in October 2008, MAPP was built with the intention of delivering vulnerability information
to security software vendors ahead of Redmond's regular Patch Tuesday updates.
Adobe plans to share information about its product vulnerabilities with 65
global MAPP members.
Microsoft also announced EMET (Enhanced Migration Experience
Toolkit), which "brings newer security mitigations to older Microsoft platforms
and applications," in the company's words, and blocking targeted attacks.