{"id":2804,"date":"2010-07-23T10:51:55","date_gmt":"2010-07-23T09:51:55","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2804"},"modified":"2015-09-09T19:37:28","modified_gmt":"2015-09-09T11:37:28","slug":"microsoft-confirms-windows-zero-day-bug-in-shortcut-files","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2010\/07\/microsoft-confirms-windows-zero-day-bug-in-shortcut-files\/","title":{"rendered":"Microsoft Confirms Windows Zero Day Bug In Shortcut Files"},"content":{"rendered":"

This is a pretty nasty attack and for once Microsoft<\/a> have actually acknowledged and confirmed this is a critical unpatched vulnerability. Incidentally, Microsoft also recently retired Windows XP SP2 from the support cycle; this vulnerability affects that system, and they have stated they will not be patching it.<\/p>\n

It’s a pretty serious bug and it seems hackers have been maliciously exploiting it in the wild for over a month. The Stuxnet malware has been using this vulnerability to gain access to machines, then download further attack files including a rootkit<\/a>.<\/p>\n

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.<\/p>\n

The bug admission is the first that affects Windows XP Service Pack 2 (SP2) since Microsoft retired the edition from support, researchers said. When Microsoft does fix the flaw, it will not be providing a patch for machines still running XP SP2. In a security advisory, Microsoft confirmed what other researchers had been saying for almost a month: Hackers have been exploiting a bug in Windows “shortcut” files, the placeholders typically dropped on the desktop or into the Start menu to represent links to actual files or programs.<\/p>\n

“In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware,” Dave Forstrom, a director in Microsoft’s Trustworthy Computing group, said in a post Friday to a company blog. Stuxnet is a clan of malware that includes a Trojan horse that downloads further attack code, including a rootkit that hides evidence of the attack.<\/p>\n

Forstrom characterized the threat as “limited, targeted attacks,” but the Microsoft group responsible for crafting antivirus signatures said it had tracked 6,000 attempts to infect Windows PCs as of July 15. <\/p><\/blockquote>\n

Limited but targeted attacks are the worst kind as they can really burrow through corporate defenses. A lot of companies are taking this seriously, including all the main players in the anti-virus arena.<\/p>\n

You have to wonder if Microsoft will break their Patch Tuesday<\/a> policy and issue an emergency out-of-band patch<\/a> for this.<\/p>\n

Especially since more virus writers are picking up on this flaw<\/a>, meaning it’s becoming more widespread.<\/p>\n