Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 12 MINUTES AGO.
You are here: Home / Windows Security / Microsoft Warns of Shortcut Attacks
Microsoft Warns of Windows Shortcut Vulnerability
Microsoft Warns of Windows Shortcut Vulnerability
By Barry Levine / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
20
2010
Microsoft has released a security advisory addressing a vulnerability in the way Windows parses shortcuts. In Advisory 2286198, issued Friday and updated Monday, the software giant said "malicious code may be executed when a specially crafted shortcut is displayed," even without any user action to run the executable. The company said it is working on a security update.

In the advisory, Microsoft said the vulnerability "is most likely to be exploited through removable drives." It added that, for systems with AutoPlay disabled, users would have to manually browse to the compromised folder in the removable drive for the vulnerability to be exploited. Windows 7 automatically disables AutoPlay functionality for removable disks.

Microsoft Suggestions

Until a fix is issued, Microsoft suggests that icons for shortcuts be disabled, but, as some observers have noted, this is highly problematic in a visual-based interface. Another suggestion from Microsoft is disabling the WebClient service used for WebDav, which, for SharePoint users, could also be a problem.

The vulnerability affects all currently supported Windows versions. These include XP Service Pack 3, XP Pro x64 Edition Service Pack 2, Server 2003 Service Pack 2, Server 2003 x64 Edition Service Pack 2, Server 2003 with SP2 for Itanium-based Systems, Vista Service Pack 1 and Service Pack 2, Vista x64 Edition Service Pack 1 and Service Pack 2, Server 2008 for 32-bit Systems and Server 2008 for 32-bit Systems Service Pack 2, Server 2008 for x64-based Systems and Server 2008 for x64-based Systems Service Pack 2, Server 2008 for Itanium-based Systems and Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Server 2008 R2 for x64-based Systems, and Server 2008 R2 for Itanium-based Systems.

XP Service Pack 2 and Windows 2000 are no longer supported by Microsoft, so a patch for those operating systems isn't likely.

'Major Oversight' in Windows

Chester Wisniewski of the Sophos security firm posted on his blog that he followed Microsoft's advice for a workaround by disabling the rendering of icons. But, he added, the workaround made his taskbar "nearly entirely unusable," and it "seriously degraded the usability of the Windows desktop."

He noted that it's useful to think of the attack as two pieces -- one is "a new zero-day vulnerability that could easily be adopted by any malware author," and the other is targeted for "some very specific infrastructure." Unless the user runs a power plant, water system, or similar industrial system, Wisniewski wrote, it's best to concentrate on the zero-day flaw.

Wisniewski passed on a colleague's recommendation that the best short-term fix is to disallow executables not on the C drive, or only allow execution from specific paths.

He said the problem is how shell32.dll attempts to load control-panel icons from applets. If a specially made shortcut points to a malicious file, Windows Explorer will execute it simply by browsing to the location. "Allowing executable code to load in the process of trying to retrieve an icon seems like a major oversight in the design of Windows," he observed.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN WINDOWS SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.
--- 441