Microsoft to Issue Emergency Patch for Critical Windows Flaw

ID THREATPOST:28A507836EC32821BBD035847822AFC0
Type threatpost
Reporter Dennis Fisher
Modified 2018-08-15T12:18:39


Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware.

The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware: not only does it use the LNK zero-day vulnerability to spread, but it also had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer.

Stuxnet also includes an exploit for a previously unknown vulnerability in a popular piece of SCADA software called WinCC, manufactured by Siemens.

“The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attacks,” Microsoft said in its advisory.

Within a week or so of the identification of the LNK vulnerability and the emergence of Stuxnet, researchers began seeing new pieces of malware that exploit the flaw. One of these, dubbed Chymine, exploited the LNK flaw and then attempted to connect to a remote server and download a keylogger.

Microsoft has been careful about using its out-of-band patching process in the past few years, but it has shown that it has the ability to push out an emergency fix within a couple of weeks when necessary. And with a number of exploits actively targeting the LNK flaw, this looks like one of those cases.