Tonight's the night for Microsoft's Stuxnet/Sality patch

Stephen Withers
Monday, 02 August 2010 17:17

Business IT - Security

Microsoft is set to release an out-of-cycle security update to address a vulnerability that's being actively exploited by malware writers.

Last month, Microsoft warned customers about a vulnerability in the way the Windows Shell handles shortcuts (.LNK files) that was being exploited by the Stuxnet malware.

The company subsequently provided an automated mechanism for applying a workaround, but this had the disadvantage of displaying only generic icons in the Task bar and Start menu. Many users would find this disconcerting or confusing.

More recently, the vulnerability has been exploited by other pieces of malware, including Sality.AT, which Microsoft describes as "a highly virulent strain".

Given the growing number of attacks that exploit this vulnerability, Microsoft has decided to release the fix for the handling of .LNK files without waiting for Patch Tuesday.

"We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers," said Christopher Budd, Microsoft's senior security response communications manager.

When exactly is the patch being released? See page 2.