Latest Windows Security Fix Could Be Difficult

Recently a security bug has been discovered in the Windows operating system. The vulnerability involves the Windows shortcut feature, which is a desktop link allowing users to quickly access files and applications they most utilize. Within the Microsoft advisory that was released, it states, “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.” The exploit is such that an attack can be executed compromising the computer system as well as executing a malicious application or piece of code without requiring user intervention, and has the ability to circumvent the Windows User Account Control and the security features built within Windows 7.

Microsoft continues to explain, “This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the affected folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.” While Microsoft is working to develop a security patch to address this situation, there will be no fix is available for Windows 2000 or Windows XP Service Pack two as these operating systems are no longer supported by Microsoft.

An antivirus researcher with Kaspersky Lab, Roel Schouwenberg, said, “The way Windows shortcuts are design is flawed, and I think they will have a very hard time patching this.” His prediction is based upon the fact that Microsoft until now has never come across security issues with their shortcuts and have no current security process concerning this situation they can quickly fix. Microsoft has confirmed hackers can utilize a malicious file with the LNK extension to automatically run their malware whenever users wish to view the contents of the folder that has a flawed shortcut. There is even a greater risk if the hackers use an infected USB flash drive to increase the spread of their attack, as it will automatically execute when the computer system as soon as the USB drive is plugged into a port.

Every version of Windows is susceptible to the attack, including the newly released beta version of Windows 7 Service Pack one. This current exploitation has been used by hackers to get control of Siemens computer systems. Siemens has informed their customer base of the situation, as the malware will attack large scale industrial systems of utility companies and major manufacturing businesses.

Another concern that may slow the availability of a fix is the age of the code, making a quick fix to this problem more difficult. This vulnerability dates as far back as Windows 2000. Schouwenberg adds, “I'm quite amazed that the bug hasn't been found before by researchers or by Microsoft. I would've figured that Microsoft would have caught this. But the fact that it's tied so closely with the operating system may have been a problem. It's always possible that Microsoft will find some very clever idea that will let them fix this quickly.”

Windows 7 courses teach the basic and advanced concepts, functionality, and the enhanced and revised features that have been added to Microsoft's operating system. Everything from the new user interface to the power management, memory management, device management, the Libraries feature, the revised User Account Control another security functionality, and more, is taught in instructor led tutorials. K Alliance is a popular and well-respected source of Windows 7 training long with many other notable training courses.

About Us: Expert Training holds a large amount of online IT training videos designed to enhance your personal and professional capabilities. Everything from business soft skills to IT certification training to desktop training courses can be found and utilized within Expert Training. SharePoint Server 2010 training courses allow organizations to retain their important information in one central location allowing for the ease of streamlining their business processes. Expert Training is the best resource for online training courses.