Microsoft patches dangerous Windows flaw
As expected, Microsoft on Monday issued an out-of-band patch for a dangerous flaw affecting all supported versions of Windows, and recommended that customers patch their computers immediately.
The USB rootkit hole is a vulnerability in Windows Shell, allowing attackers to infect systems through hidden files on USB drives or shared network files.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” Microsoft said in its patch notice. “The security update addresses the vulnerability by correcting validation of shortcut icon references.”
Most customers have automatic updating enabled and thus will receive the update without taking any manual action.
“For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service,” the company said.
The patch can be applied to 14 versions of Windows, including various versions of Windows 7, Vista, XP and Windows Server. Microsoft did not promise that the patch would work with older releases and took the opportunity to remind customers that they should “migrate to supported releases to prevent potential exposure to vulnerabilities.”
The vulnerability surfaced a couple of weeks ago, shortly after the most recent Patch Tuesday. Microsoft at first offered only a workaround that was deemed “highly impractical” by one security researcher, but felt the vulnerability was critical enough to issue a patch before its next regularly scheduled Patch Tuesday, which occurs next week.
The vulnerability has already been exploited in the wild, with “an uptick in infections in the past few days,” says Jason Miller, data and security team leader at Shavlik Technologies.
“If you have applied the workarounds suggested by Microsoft, you should remove them as soon as your systems are patched,” Miller says. “The most surprising aspect of this release is how close we are to the regularly scheduled Patch Tuesday. With a release this close to Patch Tuesday, it is safe to assume you should patch this security bulletin immediately.”