| Top
Security News |
Google Pushing To Redefine 'Responsible Disclosure'
After all the debate about disclosing security vulnerabilities within software, Google is trying to reshape the process for fixing bugs. There has always...
Mozilla Rolls Out Security Update For Firefox
This week, Mozilla released a security update for their popular Firefox web browser. Firefox 3.6.7 fixes several security issues that were found in the 3.6.6 version.
Windows XP Security Patch
This week, Microsoft released a new security patch for issues affecting the XP and Server 2003 operating systems. The vulnerabilities were all related to remote code execution, though only the XP patches...
ITunes Store To Receive Security Makeover
Apple is in the news this week about the new security measures it will be implementing in the wildly popular iTunes store. Granted, this is not a major...
The "New" Paper Trail
These days, with threats of computer hackers stealing data to insurance companies "accidentally" publishing hundreds of thousands of peoples most...
|
|
Microsoft has released a non-standard update to the Windows Operating System. This unusual move was prompted by a slew of highly critical viruses taking advantage of a vulnerability in shortcut links.
On July 16, Microsoft Security Advisory (2286198) was published to Microsoft's website. It explains a problem with the way Windows handles .LNK and .PIF files, which are symbolic links to legitimate programs on a computer. Basically, when the link image was rendered, it allowed the malware embedded in the file access equal to that of the current user and executed malicious code with those abilities. Obviously, users who insist on running with administrative permissions were at a higher risk than those who log on with a regular account.
There are several viruses that have been exploiting this security hole. The first known use of this vulnerability was the Stuxnet worm, which spread via USB drives and stole information from computers running software from Siemens. Since then, there have been other viruses to exploit this same problem. Microsoft blogged about these viruses, including one particularly nasty one known as Sality.AT. Microsoft stated that Sality is "highly virulent," and works by infecting other files, copying itself to removable media, disabling security and finally downloading other malware onto the infected system.
Earlier this week, Microsoft released Microsoft Security Bulletin MS10-046, which is the patch to fix this particular vulnerability. This "out of band" patch came a full week before the regularly scheduled update, due to concern for customers' security. Everyone who has Automatic Updates turned on will already have the patch installed and their system is secured against this particular threat. The only people who need be concerned are those who check for updates manually and those who are still running Windows 2000 or XP Service Pack 2 or earlier, as they are no longer supported by Microsoft.
|
SecurityProNews is brought to you by:
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
