Security organizations today raised Internet threat levels to warn users that they expect widespread attacks using exploits of a just-acknowledged critical bug in all versions of Windows.
The Internet Storm Center (ISC) pushed its Infocon threat indicator to "Yellow," a rare move, while Symantec also bumped up the status of its ThreatCon barometer to "Elevated."
[ Also on InfoWorld: "Second variant of Stuxnet worm strikes." | Siemens has warned users not to change their passwords after a worm attack. | InfoWorld's Woody Leonhard explains the workings of the new rootkit exploit. | Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Today's shift by ISC was the first Yellow since July 2009, when the group alerted users of a vulnerability in Office Web Components , a set of ActiveX controls for publishing Microsoft Office content to the Web and for displaying that content in Internet Explorer (IE).
"The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch," said Lenny Zeltser, an ISC security analyst, as he explained the higher threat level . "Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time."
Last Friday, Microsoft confirmed that attackers can use a malicious shortcut file, identified by the ".lnk" extension, to automatically execute their malware by getting users to view the contents of a folder containing such a shortcut. Malware can also automatically execute on many systems when a USB drive is plugged into the PC.
All versions of Windows, including the just-released beta of Windows 7 Service Pack 1 (SP1), as well as the recently retired Windows XP SP2 and Windows 2000, contain the bug.
Many of the attacks spotted so far have been aimed at major manufacturing and utility companies. Last week, Siemens alerted customers of its Simatic WinCC management software that attacks using the vulnerability were targeting computers used to manage large-scale industrial control systems, often called SCADA, for "supervisory control and data acquisition."
Symantec also boosted its ThreatCon indicator from the usual Level 1 to Level 2, dubbed "Elevated." Like the ISC, Symantec said it made the move because of the advisory Microsoft issued Friday and the expectation of increased attacks.