Microsoft have announced that the recent discovery of a major security flaw in all Windows versions is severe enough to warrant a so-called "out-of-band" security fix.
It has been for many years that Microsoft release patches to their Windows platform on the second Tuesday of every month, or "patch Tuesday". However, for exceptional security issues, an intermediary release of patches is occasionally required. Previous out-of-band patches have been for Internet Explorer vulnerabilities to exploit websites and other serious problems.
The vulnerability this patch addresses was first exposed 2 weeks ago, and since it was made public it has been exploited more and more. The problem is found in the way Windows parses links in shortcuts, and allows the remote attacker to execute arbitrary code on the victim's machine.
The patch has been pushed early due to the high volume of attacks that Microsoft have detected since the announcement. Exploits of the vulnerable code can be spread through USB memory sticks, over the internet, and WebDAV shares. BBC News even reports that initial attacks were targeted at core infrastructure such as power facilities.
The patch should be available through Windows Update and the Windows Update website imminently.
Comments