Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill on from the tee-plus-two-weeks dept.

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."

1 of 112 comments (clear)

  1. Win2K users not running AV? by Ilgaz · · Score: 0, Offtopic

    As a person in TV industry, I can really relate to "people still running windwos 2000" but, trust me, it is absolutely suicidalif one doesn't run a commercial quality AV actually doing heuristics like Kaspersky or F-Secure.

    I am not a shareholder in these companies of course, it is just that they are running way deeper security checks and actually watching what really happens on the OS. People blame them for being heavier than "freeware av" for that reason.

    If you can live with pro-active way of doing things, Comodo AV which is freeware, in case it works under Win2K is a good choice too. It is like eSafe end user version (which has been abandoned) which really figures the threats even if it has no clue about them.

    While on it, OS X 10.4.11 Tiger doesn't get security updates too. I can only (unfortunately) suggest Intego Virusbarrier which is a bit pricey to them. There is a cost of having to use older commercial operating system. Obviously, I don't think there is a black hat dumb enough to specifically target some poor guy being forced to run 10.4.11 and spend time on it.