A wolf in sheep's clothing. Could one liken that to your innocent-looking USB stick, which, if you are a Windows user, may contain more than just your data... Or how about a representation of some of the MVP "awardees"? I think it can quite easily be applied to both.

The summer provides many of us with a nice holiday or two, and whilst the IT scene seems to dry up a little (in respect of the subjects I like to write about), Microsoft has had its fair share of woes over the last week. Let's cover one now: another vulnerability in Windows.

Microsoft is issuing a patch on Monday the 2nd of August for a vulnerability found in all versions of Windows (shock, horror, a vulnerability in Windows? Never!)

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on August 2, 2010. The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attack

You can find that release here: https://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

Krebs on Security reported it as:

a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.

How much longer are people going to suffer these repeated attacks? Remember what Dell had to say about Linux? (before the comments were taken down) According to the Microsoft faithful, we should take heart in the fact that it’s because Windows is so well deployed. I’m sure that’s consolation to the many Windows victims around the world. Maybe the best way to defend a Windows PC against exploits is to become a Microsoft MVP. 😉 According to one of their “finest”, he’s never been a victim. I can’t recall any other MVPs complaining; according to them everything is just great. (except if you mention the Windows 7 Phone freebie, but we will cover that in another article)

Why do I look repeatedly at the MVP program? Because I think it is damaging to independent opinion. Ever seen an MVP champion OO? Or what about FF over IE? Let's not forget this MVP, which after complaining to Microsoft directly, they seem happy to let that individual retain the MVP status. I think that says it all. As I’ve said many times before, I have no problem with Windows advocates. I have a problem with underhanded tactics and rather dubious (to me) schemes which retain people’s loyalty. One such scheme in my opinion is the MVP program. So take a look at my previous link and see an example of what Microsoft calls “Most Valuable”.

Let's end on part of the closing statement from http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/ (in relation to this new vulnerability):

it could soon become a popular method for spreading malware.

Happy times are here again. Now Windows malware is not only on your desktop, it’s on that innocent-looking USB stick in your pocket.

Goblin – bytes4free@googlemail.com
