Microsoft to issue patch for dangerous USB rootkit hole
Microsoft on Tuesday will release a rare out-of-band patch to fix the highly dangerous zero-day vulnerability that has caused multiple researchers to issuing warnings earlier this month. The patch will be for all supported versions of Windows and will require a restart.
As I previously wrote about, the exploit is a whopper on all levels. It comes into the enterprise via hidden files on USB sticks or via shared network files. It requires no user interaction to infect the system (simply viewing the icon is enough to trigger it). It propagates itself. It loads as a rootkit infection. It affects all Windows operating systems, even full-patched Windows 7 systems. It seems to target extremely sensitive information — researchers say it seems to have been made for espionage. If all that weren’t scary enough, a researcher has already published proof-of-concept code.
The attack exploits a vulnerability in Windows Shell, a component of Microsoft MCTS Training Windows. Although many anti-virus software makers claimed that they were able to update their wares to detect the rootkit, security experts remained highly concerned about the hole, as did Microsoft. In a blog post today, Christopher Budd, Sr. Security Response Communications Manager at Microsoft, explained, “we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability.”
Microsoft MCITP Certification will also hold a special edition of the bulletin release webcast on Monday, August 2, 2010 at 1:00 PM PDT. If you are interested in attending the webcast, click here to sign up.
Other articles Network World has published that discusses the attacks include: