You are here

HomeBrandon Dimmel › Microsoft to Patch Critical Shortcut Flaw Today

Microsoft to Patch Critical Shortcut Flaw Today

Dennis Faas's picture
by Brandon Dimmel on August, 2 2010 at 08:08AM EDT

Microsoft's Windows Shortcut Flaw has certainly grabbed headlines these past few weeks. Fortunately, the company looks ready to move beyond the sensational headlines with a new, permanent fix due out later today.

A flaw associated with .LNK (shortcut files) in Windows 2000 through Windows 7 was first discovered about two weeks ago by security researchers. At first, the issue involved industrial firm Siemens and could only be transmitted through infected USB key, variants of the bug have spread to common Windows users.

Worse yet, researchers found that merely plugging a compromised USB stick into a PC could cause infection without opening any files and without having Autoplay turned on. (Source: cnet.com)

Workarounds Not Popular

Recent attempts to fix the issue with workarounds have ranged in convenience, with Microsoft's own option being the least popular.

That is ready change now that Microsoft has announced it will release a permanent fix for the shortcut exploit today. The company posted on its Malware Protection Center Threat Research & Response blog that it would issue the fix outside of its monthly Patch Tuesday schedule.

A Highly Virulent Strain

The threat, which operates under the family name Sality, is considered very serious by Microsoft and third-party security experts alike. "Sality is a highly virulent strain," said Microsoft's Holly Stewart. (Source: pcmag.com)

"It is known to infect other files, copy itself to removable media, disable security, and then download other malware. It is also a very large family -- one of the most prevalent [virus] families this year."

The number of systems infected by Sality actually remains quite low, but the strain has shown incredible growth in recent days. Prior to July 23, only a few systems were reporting infection -- but by the end of the month about 8,000 computers had reported issues related to Sality. Brazil PCs are currently the most-targeted, with the those in the U.S. a close second.

Microsoft is expected to issue the patch for all versions of Windows around 1:00 p.m. Eastern Standard Time (EST).

Filed under:
Business
,
Microsoft
| Tags:
microsoft
,
sality
,
windows
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.