Microsoft on Tuesday will release a rare out-of-band patch to fix the highly dangerous zero-day vulnerability that caused multiple researchers to issue warnings earlier this month. The patch will be for all supported versions of Windows and will require a restart.
As I previously wrote, the exploit is a whopper on all levels. It comes into the enterprise via hidden files on USB sticks or via shared network files. It requires no user interaction to infect the system (simply viewing the icon is enough to trigger it). It propagates itself. It loads as a rootkit infection. It affects all Windows operating systems, even fully patched Windows 7 systems. It seems to target extremely sensitive information -- researchers say it seems to have been made for espionage. If all that weren't scary enough, a researcher has already published proof-of-concept code.
The attack exploits a vulnerability in Windows Shell, a component of Microsoft Windows. Although many anti-virus software makers claimed that they were able to update their wares to detect the rootkit, security experts remained highly concerned about the hole, as did Microsoft. In a blog post today, Christopher Budd, Sr. Security Response Communications Manager at Microsoft, explained, "we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability."
Microsoft will also hold a special edition of the bulletin release webcast on Monday, August 2, 2010 at 1:00 PM PDT.
Other articles Network World has published that discuss the attacks include:
- Ms. Smith's report on the hole and how it targets espionage. (Includes links to various researchers' reports)
- Microsoft confirms 'nasty' Windows zero-day bug (no patch will be forthcoming for Windows 2000)
- Microsoft's actual security alert and recommended workarounds.
- One researcher publishes exploit, another claims Microsoft's workarounds won't work
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.