Hi everyone,

Bill Sisk here.  This week we became aware of publicly disclosed exploit code being used in limited attacks on customers.  This change in the threat landscape has prompted us to update last week’s Security Advisory 943521 and triggered our Software Security Incident Response Plan (SSIRP).  

Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected.  However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector.

As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution. Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues. 

To help protect yourself during the interim we continue to recommend that you should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites.  This is absolutely one of the most effective ways to help protect yourself from a variety of threats on the Internet today.  

As always, we will be working with our Microsoft Security Response Alliance partners throughout this incident to provide them information on the vulnerability and attacks we see to help better protect our mutual customers.

Again, while we have seen active exploit, these attacks are fairly limited at this time but we wanted to let you know we are working around the clock to monitor the situation and get an update out to help protect you from these malicious attacks as soon as possible.  As always we will be keeping you updated through the MSRC Blog.

Bill

*This posting is provided "AS IS" with no warranties, and confers no rights.*