Microsoft to issue urgent vulnerability fix
Highly virulent malware strain targeting Windows bug
Microsoft is set to issue a fix for a vulnerability in Windows that is being exploited by hackers using a "highly virulent strain" of virus, the Sality family.
The fix is being issued ‘out of band' meaning outside of regular scheduled updates, as Microsoft security experts report that multiple techniques are being used to try and exploit the vulnerability. The vulnerability occurs as Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut (.LNK file) is displayed.
Microsoft said that the patch will be issued early owing to the threat from the Sality strain of malware. Sality is described as "highly virulent", infecting other files, copying itself to removable media, disabling security and downloading other malware upon in infection. It is one of the most prevalent families of malware at the moment, and Microsoft reports that is was detecting an increasing number of attack attempts combining malicious .LNKs and Sality.AT.
"In the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers," wrote Christopher Budd, Microsoft's senior Security Response Communications Manager on the company's Security Response Center blog.
For more information see the Microsoft site.