Microsoft is releasing an out-of-band patch for a Windows security vulnerability that attackers have been targeting for the past few weeks.
The bug – a vulnerability in the Windows shell component that attackers have been exploiting via malicious .LNK files – has increasingly become the target of exploits. In light of the attacks, Microsoft announced it is planning to push out a patch on 2 August.
“We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers,” blogged Christopher Budd, senior security response communications manager at Microsoft. “Additionally, we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability.”
If the user opens an infected USB drive in Windows Explorer or any other program that parses the shortcut icon, malware can be executed. In addition, Microsoft has warned that an attacker could set up a malicious website or a remote network share and place the malicious component there.
The malware first associated with the vulnerability was Stuxnet, which targets Siemens software used by industrial companies. Siemens began distributing a tool on 22 July to help organisations thwart attacks.
“We firmly believe that releasing the update out of band is the best thing to do to help protect our customers,” Budd wrote.
AI-generated content such as video and images are going to be labelled by TikTok using…
Neuralink brain implant embedded in 29-year-old patient named Noland Arbaugh develops a fault, but is…
US agency seeks data from Tesla on Autopilot recall, amid reports US prosecutors are probing…
The United States reportedly considers restricting China and Russia's access to AI models found in…
New child safety laws sees Ofcom calling on tech firms to “tame toxic algorithms” to…
Another u-turn? Former Twitter boss Jack Dorsey suddenly quits Bluesky's board of directors, and calls…