Security news and updates for your enterprise Enterprise Security News News Archives About Us Feedback
August 04, 2010
Critical MS Security Update Leaves XP SP2 And Windows 2000 Systems Out Of Luck
By Taylor Gillespie
Earlier this week, on a Monday and a week before this month's Patch Tuesday, Microsoft uncharacteristically felt compelled to push a security update to remedy a severe system threat that allows remote code execution on all versions of Windows. Security advisories began appearing in mid-July, and Microsoft could not wait a week longer for the second Tuesday of the month, when system administrators expect and plan for system updates and patches, to release the fix.

Many security-oriented organizations that track and follow The National Cyber-Alert System gives a CVSS v2 base score of 9.3, or High, and Secunia rates the criticality level as Highly critical.The exploit also endangers versions of Windows no longer supported by Microsoft, namely XP SP2 and Windows 2000, so the recourse for those using versions of Windows before XP SP3 is to upgrade.

The exploit uses Windows Shortcut files to load arbitrary code, specifically addressed as "Shortcut Icon Loading Vulnerability." Fortunately for most users, this exploit has for the most part targeted Siemens control systems. Adding to the insidiousness, the infected shortcut files can then be set to execute with the autoplay of removeable media. Turning off autoplay can stave off that vector of attack, but does not prevent a malicious shortcut file from user activation.

Continue Reading
Interested in contributing to the Security community?
Can you write expert articles and news addressing security for the enterprise? If so, we are looking for you. Contact techwriters@ientry.com.



Today's Top Videos:
Taking Keyword Research to the Next Level
Are you getting the most from your keyword research? There are many tools that people can master, but to truly advance, people need to find the keywords their customers are looking for, their...
Online Marketing Summit: Educating Marketers
WebProNews attends and covers many different conferences including the Online Marketing Summit. The founder of the event, Aaron Kahlow, tells WPN that OMS is different than other industry events...
Why You Should Advertise on Facebook
"Every Monday, SEO is a new industry." Facebook has a constantly evolving advertising platform, and according to Addie Conner of Avenue100, it provides many new opportunities for...
Recent Articles:
Cisco Warns Of Security Threats To The Enterprise
Businesses need to change their mindset on security to help ensure that their networks and vital corporate information are protected from evolving security threats, according to the Cisco 2010 Midyear Security Report released today.

The increasing use of social networking, the proliferation of network-connected mobile devices, and virtualization - continue to alter the security landscape. As a result, enterprise professionals must act immediately to put effective security practices...
Read More...

Cisco Finds Social Networks, Random...
The results of a new enterprise security survey should be reliable; they stem from a poll involving 500 IT security professionals based in five different countries. They're not likely to make enterprise security experts happy, however, as they...
Read More...
Efficient Enterprises Forecast To Reduce...
While security risks are not going away for companies, efficient and secure enterprises will safely reduce the share of security spending by 3 to 6 percent of their overall IT budgets through 2011, according to a new report from Gartner.
Read More...
Google Said To Be Dumping Windows...
One of the world's most successful technology companies will stop using Microsoft Windows due to security concerns, according to a new report. Unnamed Google employees even hinted that Windows was partly to blame for...
Read More...
Other iEntry Business Resources:
- WebProNews.com
- Jayde.com
- MarketingNewz.com
- SalesNewz.com
- CareerNewz.com
- InvestNewz.com
- eCommNewz.com
- WebsiteNotes.com
- AdvertisingDay.com
iEntry
 
-- EnterpriseSecurityNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2010 iEntry, Inc. All Rights Reserved Privacy Policy Legal