Microsoft has announced that it will release an emergency patch later today to fix a critical flaw in Windows that enables hackers to run code and take over PCs.

The patch is being released ‘out-of-band’ as a result of a significant uplift in the number of attacks, as noted by Microsoft’s Malware Protection Center, which tracks attacks on Microsoft anti-virus software such as Microsoft Security Essentials.

The malware affects every version of Windows. It makes use of Windows shortcut file icons, and launches itself when a USB stick is browsed via Windows Explorer, even without a user double-clicking the shortcuts.

Microsoft released an advisory on 16 July stating, “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV.” It then released details of a workaround, but hopefully today’s patch will finally solve the issue.

The patch has been designated as ‘critical’ by Microsoft, which the company defines as “A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.”

The plaudits for discovering the flaw go to an anti-virus company called VirusBlokAda, based in Belarus, which on 17 June found two samples of malware that could attack a fully patched Windows 7 system.

The patch is scheduled to be released at around 6pm UK time and will require a system restart – so be prepared. A webcast providing more details is scheduled for 1pm Pacific Time (10pm in the UK) if you want to know more (registration required).

Link: Microsoft Security Bulletin notification.


August 2, 2010, 4:49 pm

Aren't all these PCs which are getting hacked/attacked just the ones which don't have up to date security software? Wouldn't my Norton Internet Security protect me from these things even if I haven't patched?


August 2, 2010, 5:49 pm

@Mike337: Wouldn't my Norton Internet Security protect me from these things even if I haven't patched?

Yes & No. If the Virus is known, and Norton has updated, you should be OK. The problem comes when a new Virus appears that Norton knows nothing about and uses this security hole. So it's always a good idea to keep both your OS & Virus up to date.


August 2, 2010, 6:00 pm


Norton is useless. The greatest hacker is Windows itself. Microsoft should change all Windows code and usage settings. But will never do.

No Windows PC is safe by default. Protection programs do nothing for hackers. Microsoft hates safety.


August 2, 2010, 6:46 pm


Really? Go on, tell me why. I actually know about this stuff and I think you're wrong. Actually I know you're wrong but give it a shot anyway.

As for this fix, another symptom of the continuing arms race between hackers and OS providers.


August 2, 2010, 7:23 pm

I think @stranded has been watching too much Fox News. Conspiracies everywhere....


August 3, 2010, 10:39 am

Have you ever tried Control Panel-->Administrative Tools-->Services?

There is no logic for these settings. No way to be safe. Every 13yo kid with a few days crash course in hacking can do whatever he likes in your PC.

I don't like any OS. You believe in too many myths and fantastic, legendary and desperate fights between heroic developers and evil hackers.

I never watch related news and movies. Just everyday experience.


August 4, 2010, 1:32 pm


Right. So what you're saying is that any 13 year old kid who has physical access to a machine can do stuff to it. So... what happens when the same 13 year old kid with a bit of knowledge has physical access to a Mac or Unix box?

Probably best to drop this and move on. All modern OSs have their issues.

