Until now, only workarounds were available to protect Windows systems from those attacks. This included a Microsoft Fix-IT solution, third party software to detect and block malicious LNK files, and a Stuxnet Rootkit Remover to clean infected computer systems from common Stuxnet variants.

Security software, like Microsoft Security Essentials offer protection against known attack forms as well.

lnk stuxnet attacks

The increase in attacks however made it necessary to patch the security vulnerability, so that attacks and exploits of the vulnerability become useless on patched systems.

The security patch has “achieved the appropriate quality bar for broad distribution to customers”, according to a blog post at the Microsoft Security Response Center.

The attacks are currently spreading mainly in a handful of countries, including Brazil and the United States

stuxnet attacks

The out of band security patch will be released on Monday, August 2, 2010 at or around 10 AM PDT. Additional information about exploitation of the vulnerability is available at this Technet blog post.

Computer users should look out for the security patch on August 2. It will be distributed through Windows Update, Microsoft Download and other official channels.

The solution back then was to clean the computer system first by running up to date rootkit detection software before installing the security patch.

Two updates have been released on the issue by Microsoft which are both worth mentioned. The patch has been redesigned by Microsoft to block the patching if “abnormal” conditions exist.

If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error.

Microsoft has furthermore released a fix it script that can be used to determine if a computer system is compatible with the security update that is described in the security bulletin MS10-15.

The fix it solution can be accessed here. It is recommended to run it first before trying to install the security patch. The Fix It solution will only report if the patch can be installed without difficulties. It will however not resolve the issue if it returns negative.

Microsoft Security Essentials will detect and remove the rootkit responsible for the blue screens that appear after patching the operating system.

The security vulnerability can be fixed the following way. Type in about:config in the Firefox address bar and hit enter. Now filter for the term javascript.options.jit.content and double-click it afterwards to set it to false which disables the Tracemonkey JavaScript engine. This in turn could (and most likely will) reduce the JavaScript performance of the Firefox 3.5 web browser until an official security patch is provided by the Mozilla Firefox team.

The security patch is expected to be released soon by the Firefox development team. Stay tuned, we keep you updated.