Friday, 23 July 2010

Linkage

Running Windows? Shut off shortcut icons.


Trend Micro’s CounterMeasures:

On the 16th of July Microsoft released Security Advisory 2286198 confirming an as yet unpatched vulnerability in Windows Shell that exposes all users of all current versions of Microsoft Windows to very real risk of attack and infection.

According to Microsoft “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.”  So what does that mean in plain language?

It means that if any user of Microsoft Windows opens a folder containing a shortcut which has been designed to exploit this vulnerability, they will be infected.  No opening of files required, simple browsing is enough.

Although Microsoft have stated that “This vulnerability is most likely to be exploited through removable drives” users should be on their guard against all shortcut files whose authenticity they cannot guarantee.  This same vulnerability could be exploited through contaminated file shares or something as simple as a malicious compressed archive such as a zip file.
Or a malicious shortcut on a web page, or even an Office document(!).[1]

At this time there is no patch to fix this available. Microsoft does have a workaround here; applying it makes Windows display a generic icon rather than the application’s special one.
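A quick way to confirm whether that workaround is actually in effect on a given machine, as an added example that is not part of the original post or of Microsoft's advisory text. It assumes the workaround works by clearing the (Default) value of the registry key that tells Explorer which icon handler to call for .lnk files, which normally holds the Shell Link CLSID; the function name and output fields are this example's own. It only reads the registry and changes nothing.

```powershell
# Added example: audit whether the "disable shortcut icon display" workaround
# for the Windows Shell .lnk vulnerability is applied on this machine.
# Assumption: the workaround blanks the (Default) value of the icon-handler
# key for .lnk files, which normally points at the Shell Link CLSID.
# Read-only; safe to run as a normal user.

$IconHandlerKey = 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler'
$ShellLinkClsid = '{00021401-0000-0000-C000-000000000046}'   # Shell Link COM class

function Test-LnkIconWorkaround {
    if (-not (Test-Path -Path $IconHandlerKey)) {
        # Key absent: Explorer has no icon handler to invoke for .lnk files.
        return [pscustomobject]@{
            KeyPresent        = $false
            Handler           = $null
            IsShellLinkClsid  = $false
            WorkaroundApplied = $true
        }
    }

    # The default value of the key is exposed as the '(default)' property.
    $handler = (Get-ItemProperty -Path $IconHandlerKey).'(default)'

    [pscustomobject]@{
        KeyPresent        = $true
        Handler           = $handler
        IsShellLinkClsid  = ($handler -eq $ShellLinkClsid)
        WorkaroundApplied = [string]::IsNullOrEmpty($handler)
    }
}

$result = Test-LnkIconWorkaround
$result | Format-List

if ($result.WorkaroundApplied) {
    Write-Host 'Shortcut icon handler is cleared; Explorer will draw generic icons.'
} else {
    Write-Warning 'Shortcut icon handler is still active; the workaround is NOT applied.'
}
```

If the handler value is present and equals the Shell Link CLSID, the machine is in its default state and will still render custom shortcut icons. A present value that is neither blank nor the Shell Link CLSID is worth a second look, since nothing else should normally register itself as the .lnk icon handler.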

This exploit was first discovered in a trojan targeting Siemens SCADA control systems, but has now been spotted in the wild.

Elsewhere:
-----
[1] LATER:  More detail, from SANS Internet Storm Center:
The exploit is triggered every time a folder containing malicious LNK files is opened (for example, with Windows Explorer).  It does not matter where this folder is – it does not have to be on a USB device, but in order to execute the malicious binary, the attacker has to specify its location correctly.

Posted by: Old Grouch in Linkage at 17:16:11 GMT | No Comments | Add Comment
