http://www.computerworld.com/s/article/9179299/Microsoft_confirms_nasty_Windows_zero_day_bug 

By Gregg Keizer
Computerworld
July 17, 2010

Microsoft on Friday warned that attackers are exploiting a critical 
unpatched Windows vulnerability using infected USB flash drives.

The bug admission is the first that affects Windows XP Service Pack 2 
(SP2) since Microsoft retired the edition from support, researchers 
said. When Microsoft does fix the flaw, it will not be providing a patch 
for machines still running XP SP2.

In a security advisory, Microsoft confirmed what other researchers had 
been saying for almost a month: Hackers have been exploiting a bug in 
Windows "shortcut" files, the placeholders typically dropped on the 
desktop or into the Start menu to represent links to actual files or 
programs.

"In the wild, this vulnerability has been found operating in conjunction 
with the Stuxnet malware," Dave Forstrom, a director in Microsoft's 
Trustworthy Computing group, said in a post Friday to a company blog. 
Stuxnet is a clan of malware that includes a Trojan horse that downloads 
further attack code, including a rootkit that hides evidence of the 
attack.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com