Patch Tuesday a Must Install This Month
Microsoft has fixed two bugs which bypassed Windows security measures. Both were actively exploited before the fix, making it vital to install the updates.
The fixes come in this month's "Patch Tuesday" update, the main monthly security update that Microsoft officially calls the "B update". It should download and install without further action for anyone with automatic updates switched on, but may need a reboot to complete.
Both bugs affect most supported versions of Windows, including 10, 11 and Windows Server. Microsoft rates the two bugs as "important" and "moderate" respectively, though some analysts have suggested that may be underplayed. (Source: theregister.com)
Shortcut To Disaster
The first bug bypasses security checks when a shortcut file is opened. That made it possible to craft malicious shortcut files that, instead of opening their supposed target, downloaded and installed malware.
The bug has already been exploited in a high-profile way, with the shortcuts distributed through mislabeled links in online forums for foreign exchange and stock market trading. Once activated, the shortcut installs malware called DarkMe that allows remote access to a computer. It seems highly likely the criminals involved are targeting financial data on victims' computers.
SmartScreen Compromised
The second bug is particularly unfortunate as it involves turning Windows SmartScreen from a defensive measure to a form of attack. SmartScreen is the blue screen message that appears when a user attempts to open a suspicious website or downloaded file. It warns the user of a potential scam and requires them to actively confirm that they want to go ahead regardless.
The bug means attackers could add code to SmartScreen itself. This code could run further malware, for example to access data or stop the computer operating. (Source: microsoft.com)
Given the potential damage, it's a little surprising to see Microsoft categorize the bug as "moderate". That most likely means it's technically difficult to exploit the bug, though Microsoft hasn't given any details other than to confirm somebody has already done so.
What's Your Opinion?
Do you pay much attention to Patch Tuesday? Are you surprised attackers are targeting key security measures? How often does SmartScreen trigger on your computer?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website!