[LINK] Microsoft rushes out emergency fix for critical Windows bug
brd at iimetro.com.au
Tue Aug 3 10:43:10 AEST 2010
1. Didn't Microsoft say a few years ago it was going to radically
improve its security?
2. Didn't we have a discussion on Link many years ago about what a bad
idea it would be to connect SCADA systems to the internet?
3. Is the world of technology getting more and more stupid?
4. Am I getting less tolerant?
Microsoft rushes out emergency fix for critical Windows bug
By Dan Goodin
Posted in Enterprise Security,
2nd August 2010 21:08 GMT
Microsoft on Monday rushed out an emergency patch for a critical
vulnerability that criminals are exploiting to install malware on all
supported versions of the Windows operating system.
As promised Friday, Microsoft released the update outside of its normal
patching schedule because the vulnerability is being actively targeted.
When the flaw first came to public attention three weeks ago, it was
being used to attack SCADA — supervisory control and data acquisition —
systems that control sensitive equipment at power plants, gas
refineries, and other other critical infrastructure.
Click here to find out more!
Since then, it's been used to install general-purpose malware from Zeus
and other do-it-yourself crimeware kits used to siphon credit card
numbers and other sensitive data from compromised computers. The Windows
flaw resides in a shortcut feature that makes it easy to store commonly
accessed files and folders on the operating-system desktop.
Users who employed a stopgap FixIt published two weeks ago should roll
back their machines using the “disable workaround” feature here. Those
who don't follow this advice will find that icons fail to display
properly, causing folders and files to appear white without any of the
Users will most likely have to reboot their machines twice — once after
uninstalling the workaround, and again after installing the update.
Microsoft's out-of-band bulletin is here.
email: brd at iimetro.com.au
More information about the Link