Some of you may have heard about a recent security exploit that is beginning to circulate around the globe. This new exploit is coming from attackers who are taking advantage of a vulnerability in Windows using infected USB Flash Drives.
This is also gaining lots of attention since Microsoft just ended support for Windows XP Service Pack 2 only days ago, so that means when a patch is ready, Windows XP SP2 users won’t be receiving it. Users must upgrade to either Windows XP SP3, Vista or Windows 7. However no OS is safe at the moment, this new exploit affects Windows 7 as well, it even affects the Windows 7 Service Pack 1 Beta which was released last week.
This exploit seems to be gaining exposure, the Microsoft group responsible for crafting antivirus signatures, has recored 6,000 attempts to infect Windows PC’s as of July 15th. Many were hoping that the new UAC (User Account Control) feature in Vista and Windows 7 would protect their systems, but this exploit manages to over ride even that.
It’s very easy for users to become infected with this virus as it requires very little little user interaction. Hackers create a malicious “.Ink” file, and all that’s necessary is for the user to view this file in a file manager like Windows Explorer. This nasty little threat even works when “Autoplay” and “Autorun” are disabled. It’s mainly being distributed by USB drives, but it can also be transferred over shared networks.
As of yet, Microsoft haven’t announced any timeline for patching the zero-day vulnerability, however the next patch Tuesday isn’t due until Aug 10. Hopefully they will come up with a solution before then and push it out to users sooner.
Microsoft have offered a temporary solution for the moment however, but it involves diving into your registry which not many people are keen on. Microsoft said you can block attacks by disabling the display of shortcuts and turning off the WebClient service. It’s not an easy thing for inexperienced users, and it would also make life difficult for launching programs and files via shortcuts.
0 comments:
Post a Comment