Microsoft is warning users about a critical security flaw that affects all versions of Windows. The flaw involves .ink files, which are the shortcuts that are displayed on the desktop. Hackers are creating malicious .ink files and distributing them via USB drives and other methods including peer to peer networks. To become infected all the user has to do is view the file. The malware installed is called Stuxnet. It installed a Trojan that downloads other malware including a rootkit that hides all evidence of the attack. The malware bypasses ALL of the security measures in Windows including User Account Control prompts and the disabling of AutoPlay and AutoRun.
This malware is EXTREMELY dangerous. The malware is designed to look for SCADA (systems, which run factories, power plants, etc. In other words, it’s looking to cause havoc with the systems that run our governments, infrastructures, factories, power and manufacturing plants and other critical systems, Very nasty. Supervisory Control and Data Acquisition)
Microsoft investigated the hole, acknowledged it, and inexplicably said they have no plans to fix it! Unbelievable. If they change their minds those still using XP SP2, Windows 2000, or Windows 98 or below will be left out in the cold. The company says they will not issue security patches for any version of Windows they no longer support and those users will have to upgrade to XP SP3, Vista, or Windows 7 to get the patch.
Unless Microsoft comes to their senses the only way to block attacks is to disable the display of shortcuts and turn off the WebClient service. Doing so however requires editing the registry, which is not something to be taken lightly and only experienced users should even attempt it.
If you’re using an older version of Windows now would be a VERY good time to upgrade. You are simply not going to be protected from threats like this if you don’t.
Read [PCWorld]
I agree with the Microsoft, it's the right measure.thanks