Just an FYI from Slashdot: http://it.slashdot.org/story/10/07/18/1950210/Microsoft-Has-No-Plans-To-Patch-New-Flaw

"Microsoft has acknowledged the vulnerability that the new malware Stuxnet uses to launch itself with .lnk files, but said it has no plans to patch the flaw right now. The company said the flaw affects most current versions of Windows, including Vista, Server 2008 and Windows 7 32- and 64-bit. Meanwhile, the digital certificate belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers."

Several links were provided that Outlook didn't copy over; so here they are:

https://it.slashdot.org/story/10/07/15/1955228/Malware-Targets-Shortcut-Flaw-In-Windows-SCADA
http://threatpost.com/en_us/blogs/verisign-revokes-certificate-used-sign-stuxnet-malware-071710

Thanks,

Jeff Cain - [email protected]
Technical Support Analyst
Sunbelt Software, part of the GFI Software family
www.sunbeltsoftware.com
Tel: 1-877-757-4094
Fax: +1 727-562-3402

From: Andrew S. Baker [mailto:[email protected]]
Sent: Monday, July 19, 2010 10:53 AM
To: NT System Admin Issues
Subject: Re: Anyone mitigating against this yet?

Yep, the 0-day is there, but so far the infections are relatively slow. Just a matter of time, though...

-ASB: http://XeeSM.com/AndrewBaker

On Mon, Jul 19, 2010 at 8:36 AM, Michael B. Smith <[email protected]> wrote:

0day is already out. I don't yet have information as to how dangerous it is.

MANY anti-spam solutions already block against incoming LNK files. That may be the only real workaround.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:[email protected]]
Sent: Monday, July 19, 2010 8:34 AM
To: NT System Admin Issues
Subject: Re: Anyone mitigating against this yet?

I suspect that this will be patched very quickly. The questions are:

-- How many times?
-- How long before a fast-spreading attack is implemented?

-ASB: http://XeeSM.com/AndrewBaker

On Mon, Jul 19, 2010 at 3:31 AM, James Rankin <[email protected]> wrote:

http://www.microsoft.com/technet/security/advisory/2286198.mspx

We have autoplay disabled since the Conficker days, but I can't see my users being too happy about disabling shortcut icons. Hmmm. Hope MS patch it up soon.

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
