Microsoft outs emergency Windows patch

Microsoft is delivering an out-of-band security bulletin today.

The bulletin addresses an unspecified security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attacks.

The hole being patched is thought to be a LNK flaw in the Windows shell which is being exploited by the Stuxnet worm, which is spread via infected USB drives to PCs. Microsoft has been monitoring this worm here since mid-July

Most reported attacks have been coming from the US, Indonesia, India, and Iran - an unlikely axis of evil.

Microsoft's "out-of-band" security fixes have become rather rare of late, suggesting that this flaw has become a big deal. Initially around a thousand PCs per day were being infected but this number jumped significantly as the worm spread and new malware targeting the vulnerability began to appear.

You can find details of how the patch the hole here.