[LINK] Microsoft rushes out emergency fix for critical Windows bug

Bernard Robertson-Dunn brd at iimetro.com.au
Tue Aug 3 10:43:10 AEST 2010

1. Didn't Microsoft say a few years ago it was going to radically 
improve its security?

2. Didn't we have a discussion on Link many years ago about what a bad 
idea it would be to connect SCADA systems to the internet?

3. Is the world of technology getting more and more stupid?

4. Am I getting less tolerant?

Microsoft rushes out emergency fix for critical Windows bug
By Dan Goodin
Posted in Enterprise Security,
2nd August 2010 21:08 GMT
The Register

Microsoft on Monday rushed out an emergency patch for a critical 
vulnerability that criminals are exploiting to install malware on all 
supported versions of the Windows operating system.

As promised Friday, Microsoft released the update outside of its normal 
patching schedule because the vulnerability is being actively targeted. 
When the flaw first came to public attention three weeks ago, it was 
being used to attack SCADA — supervisory control and data acquisition — 
systems that control sensitive equipment at power plants, gas 
refineries, and other critical infrastructure.

Since then, it's been used to install general-purpose malware from Zeus 
and other do-it-yourself crimeware kits used to siphon credit card 
numbers and other sensitive data from compromised computers. The Windows 
flaw resides in a shortcut feature that makes it easy to store commonly 
accessed files and folders on the operating-system desktop.

Users who employed a stopgap FixIt published two weeks ago should roll 
back their machines using the “disable workaround” feature here. Those 
who don't follow this advice will find that icons fail to display 
properly, causing folders and files to appear white without any of the 
customary graphics.

Users will most likely have to reboot their machines twice — once after 
uninstalling the workaround, and again after installing the update. 
Microsoft's out-of-band bulletin is here.



Bernard Robertson-Dunn
Canberra Australia
email:	 brd at iimetro.com.au
website: www.drbrd.com
