Home / / Microsoft to issue urgent vulnerability fix

Microsoft to issue urgent vulnerability fix

Highly virulent malware strain targeting Windows bug

Microsoft to issue urgent vulnerability fix
The Sality family of malware is one of the most commonly detected this year.

Microsoft is set to issue a fix for a vulnerability in Windows that is being exploited by hackers using a "highly virulent strain" of virus, the Sality family.

The fix is being issued ‘out of band' meaning outside of regular scheduled updates, as Microsoft security experts report that multiple techniques are being used to try and exploit the vulnerability. The vulnerability occurs as Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut (.LNK file) is displayed.

Microsoft said that the patch will be issued early owing to the threat from the Sality strain of malware. Sality is described as "highly virulent", infecting other files, copying itself to removable media, disabling security and downloading other malware upon in infection. It is one of the most prevalent families of malware at the moment, and Microsoft reports that is was detecting an increasing number of attack attempts combining malicious .LNKs and Sality.AT.

"In the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers," wrote Christopher Budd, Microsoft's senior Security Response Communications Manager on the company's Security Response Center blog.

For more information see the Microsoft site.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.