Microsoft warn of Windows Shell Critical Vulnerability
Microsoft have warned of a critical vulnerability in Windows Shell, caused when parsing .lnk shortcuts that can automatically launch a malicious program through use of a specially crafted shortcut.
The vulnerability affects all versions of Windows including XP and Windows 7. On Windows 7 the exploit can bypass the operating system's security as it does not require administrative privileges to run. The user account control is also not helping in this case as it won't be triggered by the exploit.
In a statement Microsoft said...
Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.
The exploit requires removable-media, such as a USB flash drive, and with auto-play enabled or with the user browsing manually to removable media.
Affected Software Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 1 and Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems Windows 7 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems
Here is a video that demonstrates the exploit on a PC running Windows 7.
The best way to protect your system against exploits is to use antivirus software that can detect it properly.
Update: Microsoft has patched the vulnerability in recent versions of Windows. If your version of Windows is patched to the latest version, you should not have to worry about it anymore.
Advertisement
Running a malicious shortcut may cause malicious programs to run? Also related articles: Not surprised.