Microsoft sets emergency Windows patch for Monday

As exploits of shortcut bug climb, company commits to 'out-of-band' update

Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2.

The company said it is satisfied with the quality of the "out-of-band" update -- Microsoft's term for a patch that falls outside the usual monthly delivery schedule -- but also acknowledged that it has tracked an upswing in attacks.

"In the past few days, we've seen an increase in attempts to exploit the vulnerability," Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), said in a entry to the team's blog. "We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. ET, 10 a.m. PT.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the "Stuxnet" worm, which targeted Windows PCs that manage large-scale industrial control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company's antivirus products, including the free Security Essentials, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

"Sality is a highly virulent strain ... known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware," wrote Holly Stewart of the Microsoft Malware Protection Center, on the group's blog Friday. "It is also a very large family -- one of the most prevalent families this year. "

Sality's inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. "After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet," said Stewart.

"We know that it is only a matter of time before more families pick up the technique," she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.

Last week, security researchers had argued over Microsoft's ability to quickly patch the vulnerability, with HD Moore, the chief security officer of Rapid7 and the creator of the well-known Metasploit hacking toolkit, betting that Microsoft would fix the flaw within two weeks. Moore's prediction was nearly on the dot.

All versions of Windows contain the shortcut vulnerability, including the preview of Windows 7 Service Pack 1 (SP1), and the recently retired-from-support Windows XP SP2 and Windows 2000.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags MicrosoftsecurityWindowssoftwareoperating systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?