Microsoft Fixes Most Recent Vulnerability

August 05, 2010

Microsoft has released a non-standard update to the Windows Operating System. This unusual move was prompted by a slew of highly critical viruses taking advantage of a vulnerability in shortcut links.

On July 16, Microsoft Security Advisory (2286198) was published to Microsoft's website. It explains a problem with the way Windows handles .LNK and .PIF files, which are symbolic links to legitimate programs on a computer. Basically, when the link image was rendered, it allowed the malware embedded in the file access equal to that of the current user and executed malicious code with those abilities. Obviously, users who insist on running with administrative permissions were at a higher risk than those who log on with a regular account.

There are several viruses that have been exploiting this security hole. The first known use of this vulnerability was the Stuxnet worm, which spread via USB drives and stole information from computers running software from Siemens. Since then, there have been other viruses to exploit this same problem. Microsoft blogged about these viruses, including one particularly nasty one known as Sality.AT. Microsoft stated that Sality is "highly virulent," and works by infecting other files, copying itself to removable media, disabling security and finally downloading other malware onto the infected system.

Earlier this week, Microsoft released Microsoft Security Bulletin MS10-046, which is the patch to fix this particular vulnerability. This "out of band" patch came a full week before the regularly scheduled update, due to concern for customers' security. Everyone who has Automatic Updates turned on will already have the patch installed and their system is secured against this particular threat. The only people who need be concerned are those who check for updates manually and those who are still running Windows 2000 or XP Service Pack 2 or earlier, as they are no longer supported by Microsoft.

View more news