Finally, we have included a new workaround that customers can implement to help protect their environments: blocking the download of LNK and PIF files (note that these files can be transferred over WebDav, so be sure to account for this protocol if you implement this workaround).Īs for new attack vectors hard to see what those could be since all Windows operating systems, patched or not, are vulnerable. We've also updated the advisory with new information regarding possible attack vectors. This workaround will disable some icons from being displayed so we recommend administrators test this before deploying it widely. More information is available in the KB article 2286198, but in summary running the "Fix It" can help prevent attacks attempting to exploit this vulnerability. We've just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. Here's the word from Microsoft on how to implement the workaround to make your systems less vulnerable. Most of the major anti-virus vendors are losely claiming that their wares will detect the rootkit. UPDATED 0721: Microsoft is still working on the actual patch, but has made it easier for users to implement its workarounds. One researcher publishes exploit, another claims Microsoft's workarounds won't work According to the Microsoft Malware Protection blog: "We have multiple signatures that detect this threat for customers using Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform. If all that weren't scary enough, a researcher has already published proof-of-concept code.Īnti-malware vendors are updating their software to add detection of the threat. It seems to target extremely sensitive information - researchers say it seems to have been made for espionage. It affects all Windows operating systems, even full-patched Windows 7 systems. It requires no user interaction to infect the system (simply viewing the icon is enough to trigger it). It comes into the enterprise via hidden files on USB sticks or via shared network files.
Microsoft has confirmed a new, highly dangerous zero-day vulnerability that has caused multiple researchers to issuing warnings.
0 kommentar(er)
