Microsoft Releases Out-of Band Patch

MBorsick's picture

Today Microsoft released an out of band patch which affects all Windows operating systems, but only addresses current supported editions. This security update resolves a publicly disclosed vulnerability in the Windows Shell. Specifically, this vulnerability addresses how the Windows Shell processes LNK and PIF files which are found in nearly all Windows operating systems from Windows 1 to Windows 7. Unfortunately, this update only addresses the problem on Windows XP SP3, Vista, and Windows 7. People using XP SP2 are NOT covered in this patch released because XP SP2 is no longer supported by Microsoft leaving support on July 13, 2010. Needless to say, older Microsoft operating systems are also not covered. This problem was first discovered on SCADA systems around the world. SCADA systems are computer systems used by electric and other utilities to operate the various services which deliver electricity, water, gas, etc. Originally spread by infected USB drives, a Trojan called Stuxnet is now installed via the drive-by method visiting infected webpages. In the past week or so, I have seen reports of users and corporations being infected by this Trojan. Most, if not all, anti-malware vendors have signatures out to combat this Trojan, but the reports of infection have been increasing rather than leveling off. I recommend that you immediately download this patch today. In fact, do it now! I have been monitoring this issue for several weeks now and was disappointed that Microsoft, in the beginning, did not see this as a significant threat. Of course, how things have changed. If you want more information on the Stuxnet Trojan, do a Google search on Stuxnet with the first result being the Microsoft article on the matter. BTW, if the irony isn't any stronger, don't use Bing because all the results come in based on the keyword STUDENT...

Mailbag Summary

The Mailbag section contains copies of received messages from sponsors and affiliates. These can be: special offers, newsletters, web seminar notices, or any combination of the above. Please check out the Sponsorship Overview for details on how to become a sponsor if interested!

Subscribe to Mailbag Summary