“An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts,” Claudine Beaumont reports for The Independent.
Advertisement: Buy a Mac for college, and get a free iPod touch. Configure your Mac and get fast, free shipping only at the Apple Store.
“Microsoft has confirmed that it will release an emergency, ‘out of band’ patch to close a loophole that made it easy for hackers and cyber criminals to gain remote access to PCs,” Beaumont reports. “The software update will patch a vulnerability in the way Windows XP, Windows Vista and Windows 7 handle shortcuts, also known as .lnk files.”
Beaumont reports, “Microsoft said it had seen a significant ‘increase in attempts’ by hackers over the last few days to take advantage of the loophole, which enables them to take control of a computer by tricking users in to clicking on infected shortcut links.”
Full article here.
[Thanks to MacDailyNews Reader “Another Irish Dude” for the heads up.]
Related articles:
The Microsoft Tax: New attack bypasses every Windows XP security product tested; Mac unaffected – May 11, 2010
The Microsoft Tax: McAfee correctly identifies Windows as malware; Macintosh unaffected – April 21, 2010
The Microsoft Tax: DNS Windows PC Trojan poses as iPhone unlock utility; Mac and iPhone unaffected – April 15, 2010
The Microsoft Tax: 1-in-10 Windows PCs still vulnerable to Conficker worm; Macintosh unaffected – April 08, 2010
The Microsoft Tax: 74,000 Windows PCs in 2,500 companies attacked globally; Mac users unaffected – February 18, 2010
The Microsoft Tax: Widespread attacks exploit Internet Explorer flaw; Macintosh unaffected – January 22, 2010
The Microsoft Tax: Windows 7 zero-day flaw enables attackers to cripple PCs; Macintosh unaffected – November 16, 2009
The Microsoft Tax: Windows 7 flaw allows attackers to remotely crash PCs; Macintosh unaffected – November 12, 2009
The Microsoft Tax: Windows virus delivers child porn to PCs, users go to jail; Mac users unaffected – November 09, 2009
The Microsoft Tax: Worms infest Windows PCs worldwide; Mac users unaffected – November 02, 2009
The Microsoft Tax: Banking Trojan horse steals money from Windows sufferers; Mac users unaffected – September 30, 2009
The Microsoft Tax: Serious Windows security flaw lets hackers to take over PCs; Macintosh unaffected – July 07, 2009
The Microsoft Tax: Windows Conficker worm hits hospital devices; Macintosh unaffected – April 29, 2009
The Microsoft Tax: Conficker virus begins to attack Windows PCs; Macintosh unaffected – April 27, 2009
The Microsoft Tax: Conficker’s estimated economic cost: $9.1 billion – April 24, 2009
Millions of Windows PCs taken over by hackers, including UK and US gov’t machines; Macs unaffected – April 22, 2009
Conficker worm hits University of Utah’s Windows PCs; Apple Macs unaffected – April 13, 2009
Windows Conficker kicks into action, able to steal data from infected PCs; Macintosh unaffected – April 10, 2009
Windows Conficker worm awakens, updates via P2P, begins to drop payload; Macintosh unaffected – April 09, 2009
Millions of infected Windows PCs set to go off on April 1; Macintosh unaffected – March 31, 2009
Millions of infected Microsoft Windows PCs face doomsday on April 1; Macintosh unaffected – March 24, 2009
Windows data-stealing ‘Tigger’ trojan infects stock trading firms; Macintosh users unaffected – March 10, 2009
French navy fighter planes grounded by Windows worm; Mac-based naval systems unaffected – February 25, 2009
Houston courts shut down due to Windows virus; Macs unaffected – February 10, 2009
Windows virus knocks out Vancouver school computers for three weeks and counting; Macs unaffected – January 31, 2009
Massive Windows virus with mystery payload continues to spread rapidly; Macintosh unaffected – January 26, 2009
Massive Windows virus continues rapid spread, also affects Vista, Windows 7; Macintosh unaffected – January 21, 2009
Windows PC worm infection numbers skyrocket; Macintosh unaffected – January 19, 2009
Dangerous new sleeper virus exposes millions of Windows PCs to hijack; Macintosh unaffected – January 16, 2009
Zero-day attack targets all versions of Internet Explorer; Mac users unaffected – December 12, 2008
Windows worm loose on International Space Station; Mac-using astronauts unaffected – August 27, 2008
Microsoft inflicts Internet Explorer 8 Beta; Mac users unaffected – March 05, 2008
Gathering ‘Storm’ superworm poses grave threat to Windows PCs; Apple Macs unaffected – October 19, 2007
Windows virus cripples Florida newspaper; Mac-based publishers unaffected – March 02, 2007
Insidious Windows virus threatens business networks worldwide; Macintosh unaffected – March 01, 2007
Windows ‘Storm Worm’ rages across globe; Apple Macintosh unaffected – January 19, 2007
Sony, Gracenote sound alarm over Microsoft flaw; Macintosh unaffected – September 19, 2006
PowerPoint zero-day attack compromises data in infected Windows PCs; Mac OS X unaffected – July 21, 2006
Windows PC users infected with worm face loss of all Microsoft, Adobe files; Mac users unaffected – January 31, 2006
Microsoft Windows’ Zero-Day WMF flaw threats widespread; Macintosh unaffected – December 29, 2005
Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected – November 28, 2005
Windows users fall victim to huge ID theft ring, 50 banks in danger; Apple Mac users unaffected – August 25, 2005
Quickly spreading Microsoft Windows worm affects CNN, ABC, NY Times; Apple Macintosh unaffected – August 16, 2005
‘Zotob’ worm rapidly infects Microsoft Windows; Macintosh unaffected – August 15, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Microsoft warns of critical Windows flaws; unaffected Mac users just continue working – June 15, 2005
Michael Jackson suicide spam hides Windows virus; Macintosh unaffected – June 10, 2005
Windows Sober.p poised to attack this Monday; Macintosh unaffected – May 21, 2005
Microsoft Windows Sober.P worm shows ‘epidemic’ spread; Macintosh unaffected – May 03, 2005
Anzae/Inzae worm affects all Windows versions after 3.1; Macintosh unaffected – December 28, 2004
Windows Mydoom worm variant spreading in the wild; Macintosh unaffected – November 09, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Windows ‘Zindos’ virus spreads, attacks Microsoft.com; Macintosh unaffected – July 29, 2004
New Windows Bagle virus variants spread; Macintosh unaffected – July 16, 2004
Windows Lovegate worm variant renders computers useless; Macintosh unaffected – July 08, 2004
Windows Scob virus collects passwords, financial data; Macintosh unaffected – July 05, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Windows users warned of infectious Web sites that take over computers; Mac users unaffected – June 25, 2004
Windows Korgo virus ‘aggressively stealing’ credit card numbers; Macintosh unaffected – June 04, 2004
First Windows 64-bit virus appears; Macintosh unaffected – May 27, 2004
Windows Wallon virus wipes out Microsoft Media Player on infected PCs; Macintosh unaffected – May 12, 2004
Windows Sasser worm mutates, knocks out banks, EC; Macintosh unaffected – May 04, 2004
Windows Sasser worm severely disrupts UK coastguard; Mac users remain unaffected – May 04, 2004
Windows Sasser net worm spreading rapidly; Macintosh unaffected – May 03, 2004
Sen. Edward Kennedy’s Apple Mac-based office totally unaffected by viruses – March 22, 2004
Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected – March 19, 2004
Windows worm, virus outbreaks intensify; Macintosh unaffected – March 03, 2004
Destructive MyDoom.F virus deletes Windows users’ files; Macintosh unaffected – March 01, 2004
Netsky-D Windows worm spreading; Macintosh unaffected – March 01, 2004
Windows users suffer five new Bagle worm variants; Macintosh unaffected – March 01, 2004
New MyDoom Windows worm deletes random files; Macintosh unaffected – February 25, 2004
Windows NetSky e-mail worm spreading; Macintosh unaffected – February 18, 2004
Windows virus ‘Bagle.B’ spreading; Macintosh unaffected – February 17, 2004
‘Doomjuice’ worm emerges, targets Microsoft; Macintosh unaffected – February 10, 2004
New version of Mydoom Windows virus appears, attacks Microsoft; Macintosh unaffected – January 28, 2004
Latest Windows virus ‘MyDoom’ sets new infection records worldwide; Macintosh unaffected – January 27, 2004
‘MyDoom’ Windows virus spreads rapidly; Macintosh unaffected – January 26, 2004
New Windows worm spreading ‘hard and fast’ worldwide; Macintosh unaffected – January 19, 2004
Florida students patch 360 PCs in marathon session due to Blaster virus; their Macs unaffected – October 01, 2003
Pennsylvania school district’s PCs infected with virus; their Macs unaffected – October 01, 2003
New ‘Swen worm’ masquerades as Windows Security Update; Macintosh unaffected – September 19, 2003
University of Illinois still patching all Windows machines; Macintosh unaffected – September 05, 2003
Montana school district’s Windows computers offline due to worm; Macintosh computers unaffected – September 03, 2003
A tale of two school systems: Windows schools crippled while Mac schools unaffected – August 21, 2003
SoBig virus variant rapidly inflecting Windows machines; Macintosh unaffected – August 19, 2003
Windows Blaster worm to attack Microsoft on Saturday; Macintosh unaffected – August 13, 2003
MBlast Worm spreads through flaw in Windows; Macintosh unaffected – August 11, 2003
Hackers hijack Windows PCs for porn serving; Macintosh unaffected – July 11, 2003
Palyh Worm strikes Windows users worldwide; Macintosh unaffected – May 19, 2003
Microsoft bug exposes millions to attack; Macintosh unaffected – November 20, 2002
lmao I love all the related articles. “Macintosh Unaffected”
haha, stupid windows ” width=”19″ height=”19″ alt=”raspberry” style=”border:0;” />
It is great to be one of the Mac users that is not *directly* affected, although we all pay a Microsoft tax in one way or another. For instance, the spam from the Windows botnets that plagues us all.
But do not get complacent. Secure is not invulnerable. Be careful to avoid the phishing and trojan attacks and keep your OS and applications updated, and your Mac stands a very good chance of remaining malware-free. Eventually hackers will likely find a hole or two to exploit, but that won’t be the end of the world. It will just be reality stepping in for a brief visit.
Well dang it. Now how am I supposed to use Remote Desktop?
Anybody that pay’s taxes is paying the “Microsoft Tax”, every time this happens every agency in the US Government (except some covert operations that do not use Windows) has to make updates not to mention unnamed sums of money lost thru espionage.
It’s no wonder the boys from Redmond, specially their fearless leader has stopped pushing that Apple TAX BS FUD. The MS TAX is REAL!!!
Whoa. That’s a whole mess of related articles. I don’t think I’ve ever seen so many attached to one story before.
To be fair, has anyone successfully used this vulnerability successfully? If not, we should lay off, because we all defend Apple when there’s an un-exploited vulnerability discovered.
I wouldn’t be crowing too loud about this one, not when iphones can get taken over with a malformed pdf file. Oh you can cry about adobe or safari being the cause, but if that’s all it takes to get owned, you have a serious problem.
kind of like having microsoft
I agree with Christian. We cannot make fun of windows for having an exploitable flaw when our iOS devices are wide open to a completely compromising security vulnerability. It has almost been a week since it went very very public, and even though Apple says they have the fix ready, they still haven’t released it! That’s something to write about.
@aka Christian: “To be fair, has anyone successfully used this vulnerability successfully? If not, we should lay off, because we all defend Apple when there’s an un-exploited vulnerability discovered.”
For the last 2 weeks I have had to deal with a Windows desktop at work with the default Windows error icon for every shortcut and task bar item because our crack IT security team felt it necessary to turn off all icon .lnk files. Whether this vulnerability has been taken advantage of or not it has created a huge PITA for everyone at my company for a couple of weeks now. I have probably a hundred shortcuts to vital files and applications on my desktop, all of which are pretty much useless right now.
The so-called vulnerabilities associated with OS X have not caused me such problems. They are transparent to me and I’ve never had so much as a malware issue on my Macs.
@Shadow/Maconymous: Please try to separate your FUD postings by at least a few minutes. It becomes obvious from the timing, subject matter, and writing style that you’re the same person.
That said, let’s compare apples to apples. Yes, there seems to be an obscure and as yet unexploited vulnerability in some applications under iOS. Comparing that to the abject victimization of a full blown computer operating system is silly. Compare iOS to other mobile OSs. K-Mart is selling a tablet with a pirated version of Android off the shelf at retail! Windows can’t display shortcut icons! Get real.
@zeke
I only post under one name, as I believe it is against MDN policy to use multiples, which gets you banned.
As for you trying to compare apples to apples, you failed. Internet explorer holes, for example, that allow exploits to get root access to windows are no different than safari holes that allow exploits to gain root access to idevices. And by the way, this flaw has been exploited, very publicly, but luckily for a benevolent (if one can say so) way.
I am an owner of iPod, iPhone, and iPad, and I find it silly and ignorant that people are quick to judge other OS flaws, when we are just as affected today until apple finally comes out with a patch. I’m not spreading FUD as you suggest, just calling out some ingorance.
it’s amazing the blogsphere makes a big deal every time some security company reports Macs have “more” vulnerabilities than Windows based on some counting of practically unusable flaws, but constantly shrugs off worst-case zero-day vulnerabilities like this that pop up several times a year for Windows. call it Stockholm Syndrome or just bias, it makes it obvious what gasbags most of them are.
Windows is hopeless. even Windows 7, which was supposed to end these exploits. unless and until MS re-writes the entire OS code from the ground up (which it never will) it will always be riddled with holes like swiss cheese.
the iOS PDF flaw is irrelevant, dude. get a sense of proportion. the millions of ‘bots that are spamming the world with trillions of junk hits are running on Windows. Apple is not invulnerable, but it has won its security war over the years. MS has not just lost that war, it has endangered the whole planet in the process.
@ John
I agree with most of what you say, except for one thing: that this iOS flaw is irrelevant.
Any exploit, I don’t care on what device or OS that one may use, that is publicly known to allow complete control over one’s device without one’s express permission, or even awareness, is completely relevant and critical to the person being exploitable. Since iPhones now hold as much personal and financial info as PCs and Macs, any such flaw on any device or computer is of great concern to the people vulnerable to it. To say otherwise is irresponsible.
I hear you on the point that windows has (too) many of them hindering usability and productivity. But I’m sure you will agree that any device flaw that can be exploited to negatively affect you is very relevant to you.
but it’s not all about me. it’s the big picture that counts more. all OS’s have vulnerabilities. but OS X (and cousin Linux, both branches of the UNIX tree) and its variants are generally difficult to attack with practically useful success at scale, while Windows is generally road kill. it is simply wrong to equate the two situations in any way.
iOS is also just 3 years old. it takes time to find the vulnerabilities. Windows is 15 years old. it should be fixed by now. it ain’t.
I want to know why the fact that a Windoze PC that crashed is what caused the BP oil spill isn’t receiving more press.
http://www.computerworld.com/s/article/9179595/Tech_worker_testifies_of_blue_screen_of_death_on_oil_rig_s_computer
Zeke- Good info. Thanks.
@ Maconymous,
This one iOS exploit, as you call it, was done with direct control of the piece of hardware that was infected, a la a Black Hat Mac exploit. In other words, it was just another Trojan, not an external attack.
Tell me how the bad guys are going to get me to download an infected PDF.
I’m waiting!
While I’m waiting, someone is stealing your Credit Card info off of your Wonderful Windows 7 PC without you downloading a frigging thing.
They are both similar exploits my ass.
Is this a story from last week that MDN just noticed?
Check the date on this link:
Logic Node
@ Maconymous
Then why don’t you resister your name? when you see a non registered reply, you wonder ?
@AI
First, I don’t own a PC, but an iMac (as well as all other idevices). Your personal attack is really unwarranted, very presumptive, and your use of colorful language to express a faulty point is childish, probably because you are trying to downplay or deny what you know is an obvious and serious exploit (a description acceptable by any reasonable technologically-savvy person) that has unfortunately surfaced on an Apple device.
Second, if you had followed the news on how this exploit works, you would know that you never need to click on a link to a PDF. All it takes is a swipe of a menu item or flipping a switch or interacting with any unsuspecting GUI element on a mobile webpage to install anything. I am guessing on this, but I suspect that one can probably automate this interaction on a malicious page that completes this action automatically just by you visiting it, without warning. That is why this is serious.
I have no problems with people who are Apple fanboys, as am I to some extent, believe it or not. What really bothers me is ignorance, arrogance, and unreasonableness to which this leads in some posters’ comments here and elsewhere. I am not defending Windows by any means. I am just saying that people who are downplaying this serious exploit just because it’s on an Apple device are irrational, and those who make fun of windows at the same time are hypocrites.
@hot
I don’t want another password to remember. ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
I’m sure MDN tracks IPs to prevent abuse by using different usernames. Besides, if you look at the history of my posts, you will see that I have asked for help or advice with my idevices, offered productive projections on where I see Apple as going in the future, and also criticized them when I feel they need it. To label me as FUD would therefore be very presumptive, just based on my comments to this post. Even in my posts here, I am not criticizing Apple here, just pointing out the irrational and hypocritical reactions and comments to the posters.
If an exploit is discovered in Windows XP, Vista or 7, should Mac or iOS users be concerned about that the same exploit?
No. These operating systems are vastly different. A venerability in Windows has absolutely no relevance to the UNIX based Mac or iOS.
Yet, one more vulnerability. Was not Windows 7 and Vista supposed to stop this? Sure, we will trust Windows.
@Maconymous.
“First, I don’t own a PC, but an iMac…”
“I don’t want another password to remember”.
A Mac without keychain must be very rare indeed. Don’t ever sell your machine.