Tuesday, August 3, 2010

Patch NOW! Microsoft Out-of-Band Patch on Monday!

SANS gave this their ultimate "PATCH NOW" rating.  I have patched and only noticed one minor issue with an icon in one user's "Quick Launch" taskbar area on XP Pro.

As attacks escalate, Microsoft ships emergency Windows patch | ZDNet
Microsoft has rushed out an emergency patch for all supported versions of Windows to cover a gaping — and under attack — security flaw in the way shortcuts are displayed by the operating system.

The out-of-band update, rated “critical,” comes less than 20 days after the discovery of a sophisticated malware attack that combined the Windows zero-day flaw with security problems in SCADA systems and used stolen signed drivers to bypass security software.

Copycat attackers also added exploits for the Windows vulnerability into malware families, putting pressure on Redmond to release today’s emergency fix.

SANS: Microsoft Out-of-Band bulletin addresses LNK/Shortcut vulnerability
As announced on Friday, Microsoft released an out-of-band bulletin to address the recent Shortcut/LNK exploits. As confirmed in Microsoft's announcement, various malware is now attempting to exploit this vulnerability. The vulnerability is rather easy to exploit in particular given the tools available to craft necessary shortcuts.

US-CERT Current Activity: Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability
added August 2, 2010 at 01:55 pm

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.

US-CERT strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.

Additional information regarding this vulnerability can be found in the following:


Patch for Critical Windows Flaw Available — Krebs on Security
Microsoft today released an emergency security update to fix a critical flaw present in all supported versions of Windows. The patch comes as virus writers are starting to ramp up attacks that leverage the vulnerability.

There are a couple of things you should know before installing this update. If you took advantage of the “FixIt” tool that Microsoft shipped last month to blunt the threat from this flaw, you should take a moment now to undo that fix. To do that, visit this link, then click the image below the “Disable Workaround” heading, and follow the prompts. You will need to reboot the system before installing the official fix released today, which is available from Windows Update.
...
You will need to reboot after installing the patch. After I applied this patch and rebooted the system, Windows Explorer stalled, leaving Windows unresponsive. After a forced restart (powering the system off and then on again), my 64-bit Windows 7 system booted into Windows normally.

When this vulnerability was initially disclosed, it was only being used in targeted attacks online. However, as Microsoft warned and others have confirmed, this vulnerability is now showing up in more mainstream attacks. Please take a moment to apply this update today if you can, particularly if your Windows system is not already protected with the FixIt tool mentioned above.
