Computerworld and other sources are reporting a newly-discovered critical bug in all versions of Windows. The bug is so critical that the Internet Storm Center (ISC) has pushed its Infocon threat indicator to "Yellow," a rare move, while Symantec also bumped up the status of its ThreatCon barometer to "Elevated." Users are being warned to expect widespread attacks.
"The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch," said Lenny Zeltser, an ISC security analyst.
Last Friday, Microsoft confirmed that attackers can use a malicious shortcut file, identified by the ".lnk" extension, to automatically execute their malware by getting users to view the contents of a folder containing such a shortcut. Malware can also automatically execute on many systems when a USB drive is plugged into the PC.
All versions of Windows, including the just-released beta of Windows 7 Service Pack 1 (SP1), as well as the recently retired Windows XP SP2 and Windows 2000, contain the bug.
In a related post, we reported that Sieman is warning customers about attacks on its industrial control software that exploit this bug.
Citadel Information Group
Information Security Management for Business and the Not-for-Profit Community
www.citadel-information.com
Delivering Information Peace of Mind ®
www.citadel-information.com
Delivering Information Peace of Mind ®
Posts
Search This Blog
Index of Topics
- Business at risk (115)
- Citadel in the news (7)
- Citadel Information Security Guides (8)
- Citadel: Guide to Blog (1)
- Citadel: Thinking about Security (10)
- Cloud Security (2)
- Consumers at risk (13)
- Credit card fraud (14)
- Culture Change (1)
- Financial systems security (67)
- Healthcare (7)
- Identity theft (30)
- Insurance (1)
- Internet badlands (113)
- ISSA-LA (2)
- Law Firms (2)
- Legal (23)
- Miscellany (6)
- national security (46)
- Not-for-Profit (5)
- Privacy (27)
- Ray of Sunshine (15)
- School security (3)
- Security Alert: Vulnerability Management (74)
- Security management (24)
- Security Research (5)
- Security Surveys (13)
- Social Engineering (1)
- Social networks (13)
Blog Archive
-
►
2011
(2)
- ► January 2011 (2)
-
▼
2010
(237)
- ► December 2010 (6)
- ► November 2010 (9)
- ► October 2010 (7)
- ► September 2010 (8)
- ► August 2010 (13)
-
▼
July 2010
(8)
- Emergency Windows Patch Due Monday
- Fake Firefox Flash Update is Rogue
- Digital Forensics Association Research Report: Fiv...
- Spyware Targets Industrial Facilities, including S...
- CyberSecurity Threat Indicator Raised as Critical ...
- New Malware Targets Industrial Control Systems, li...
- Microsoft Security Updates ... Support Ends for XP...
- Microsoft Warns of Uptick in Attacks on Unpatched ...
- ► April 2010 (39)
- ► March 2010 (65)
- ► February 2010 (38)
- ► January 2010 (27)
-
►
2009
(83)
- ► December 2009 (17)
- ► November 2009 (7)
- ► October 2009 (9)
- ► September 2009 (22)
- ► August 2009 (17)
- ► February 2009 (1)
Information Security Links
- Citadel Information Group
- Google Online Security Blog
- Information Systems Security Association
- Information Systems Security Association - LA Chapter
- InfraGard - Los Angeles
- Krebs on Security
- Microsoft Malware Protection Center
- MITRE CVE
- NIST Computer Security Resource Center
- Open Web Application Security Project (OWASP)
- Privacy Rights Clearinghouse
- SANS Internet Strom Center
- US CERT
Disclaimer
Citadel provides this blog as a public service to the community. We make no claim or representation that items posted on this blog are correct. We post "Security Alerts" primarily to assist readers manage security vulnerabilities on their personal home computers; these alerts are NOT comprehensive and are not to be relied upon as such.
(c) Copyright 2009-2010. Citadel Information Group. All Rights Reserved.
Permission is given to re-post and re-print blog postings provided that attribution is given to Citadel Information Group, the above copyright is included and the following link to our website is provided: www.citadel-information.com
(c) Copyright 2009-2010. Citadel Information Group. All Rights Reserved.
Permission is given to re-post and re-print blog postings provided that attribution is given to Citadel Information Group, the above copyright is included and the following link to our website is provided: www.citadel-information.com