Yesterday I told you about the vulnerability in how Windows handles shortcuts, and that it looks like a dangerous flaw. Well, Computerworld has a story today that shows just how perilous this bug could prove to be.
Various Internet entities that monitor computer threats, like the Internet Storm Center, have elevated warnings, meaning that the danger is higher. The Computerworld story quotes one analyst as saying: "Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time."
This flaw is what's known as a "zero-day" vulnerability, meaning it's one for which no fix exists yet. Microsoft is working on it, however. It updated its security advisory yesterday, adding this language: "Microsoft is currently working to develop a security update for Windows to address this vulnerability."
Microsoft didn't say when it would issue a patch, but you can be assured that security teams are working on this around the clock. This is the kind of fix it needs to get right the first time; it must be extensively tested. Once released, I believe Microsoft will issue an "out of band" patch. That means it will be released before Microsoft's normal "Patch Tuesday" release, when it normally issues software updates and fixes.
As I noted before, this affects all current versions of Windows, including XP, Vista and Windows 7. I'll update this as more information becomes available.
Cool shortcuts, very useful. Thanks a bunch!!! I found a few more shortcuts here: http://www.usingcomputers.co.uk/tutorials/useful-windows-shortcuts.php its worth taking a look at combined with this article. Thanks, keep up the good posts!
Big Thanks
