HP Synaptics Vulnerability

HP has confirmed that its Synaptics Touchpad Driver has a vulnerability that can allow it to be used as a keylogger, and has posted a fix: HP Security Bulletin. Scroll down the page to find your HP or Compaq model under Product Name, then install the software update from the link to the right of the entry for your model.

Windows LNK Vulnerability Patched

On Monday, Microsoft issued an out-of-band security update for Windows 7, Vista, and Windows XP (SP3) to stop the spread of a vicious new worm that takes advantage of a vulnerability in Windows LNK (shortcut) files. The vulnerability is already being used by malware. The update (KB2286198) will install automatically if you have Windows Update enabled. If you don't currently use Automatic Updates, you need to install the patch without delay.

DirectShow Vulnerabilities

Users of Internet Explorer on Windows 2000 and XP are being targeted through a Video ActiveX exploit in DirectShow that allows PCs to be compromised.

Many websites have been hacked with a malicious script that checks for the vulnerability. If you visit one of these websites with Windows 2000 or XP and have not patched the vulnerability, the site will attempt to redirect you to a malicious site that silently downloads and executes a keylogging program.

In addition to this latest exploit, there is another vulnerability in DirectShow that has also not been patched by Microsoft and affects ALL browsers. Both vulnerabilities are dangerous and are considered “drive-by downloads”.

Patches for these exploits are not yet available via Windows Update, but Microsoft has published an advisory for each, along with workaround fixes that can be used in the meantime to mitigate your risk.