Microsoft is issuing an urgent security update to fix a flaw in the way Windows handles shortcuts.
The bug means that attackers can craft booby-trapped shortcuts that allow them to take over a target computer.
Many users set up shortcuts to get to programs and places in Windows that they use regularly.
Microsoft said it was releasing the patch because it had seen an increase in the number of attacks on the vulnerability.
The patch will be released on 2 August at 1800 BST (1000 PDT). The fix will be sent out to those that automatically update their machines. It will also be available via the Windows Update site.(The first attacks via the flaw were aimed at power station control systems)
The flaw was found in mid-July and allows malicious hackers to embed commands in shortcuts that are executed when that quick link is used or viewed. Every version of Windows is vulnerable to the flaw.
The first exploits of the flaw were seeded via infected USB drives and network connections. While exploitation of the flaw was limited initially, the tempo of attacks via the bug have escalated since it was discovered and publicised.
Early attacks using the bug were aimed at the software control systems for critical infrastructure such as power stations.
Microsoft is signalling the severity of the problem by releasing an update outside its usual patch cycle. Security fixes are usually issued on the second Tuesday of every month.
Christopher Budd, senior security response manager at Microsoft, wrote on the company's security blog: "We're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability".
BBC
0 comments:
Post a Comment