Microsoft Confirms Zero-Day "Shortcut" Exploit
There's a shortcut exploit affecting all versions of Windows from XP SP2 to Windows 7
Friday Microsoft confirmed a zero-day exploit that is associated with using an infected USB flash drive on systems with Windows XP SP2 up to Windows 7. Apparently researchers have warned Microsoft about the exploit for a little over a month.
According to the company, hackers are exploiting a bug in Windows "shortcut" files. "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut," the company said.
Consumers who have AutoPlay disabled would need to manually browse to the root folder of the removable disk for the vulnerability to be exploited. On Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.
"In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware, a threat family already known to the Microsoft Malware Protection Center," said Dave Forstrom, a director in Microsoft's Trustworth group. "The MMPC has a blog post with more technical discussion of Stuxnet."
Until Microsoft addresses the exploit in a patch, the company suggests that users disable the displaying of icons for shortcuts. This means that consumers will need to edit the HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler key in the registry. Although this shouldn't be a problem for knowledgeable users, inexperienced consumers could make the problem worse.
"This is highly impractical for most environments," said Chester Wisniewski, a senior security advisor with Sophos. "While it would certainly solve the problem, it would also cause mass confusion among many users and might not be worth the support calls."
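The registry workaround described above can be scripted so that it is always backed up first and can be reversed once a patch ships. The following is an added example, not Microsoft's own script; the backup file location and the `-Action` parameter are assumptions, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: apply, check, or undo the shortcut-icon workaround.
# The key path is the one named in the article; $BackupFile is an assumed location.
param(
    [ValidateSet('Status', 'Disable', 'Restore')]
    [string]$Action = 'Status',
    [string]$BackupFile = "$env:SystemDrive\lnk-iconhandler-backup.reg"
)

$RegKey = 'HKCR\lnkfile\shellex\IconHandler'                        # reg.exe form
$PsKey  = 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler' # provider form

function Get-IconHandler {
    # Returns the key's default value, or $null if the key or value is absent.
    if (-not (Test-Path -Path $PsKey)) { return $null }
    (Get-ItemProperty -Path $PsKey).'(default)'
}

switch ($Action) {
    'Status' {
        $current = Get-IconHandler
        if ([string]::IsNullOrEmpty($current)) {
            'Shortcut icon handler is blank (workaround applied, or key missing).'
        } else {
            "Shortcut icon handler is $current (workaround not applied)."
        }
    }
    'Disable' {
        # Never clear the value without a usable backup of the original.
        if ([string]::IsNullOrEmpty((Get-IconHandler))) { throw 'Handler is already blank; nothing to back up.' }
        if (Test-Path -Path $BackupFile) { throw "Backup $BackupFile already exists; move it first." }
        & reg.exe export $RegKey $BackupFile | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupFile)) {
            throw 'Backup failed; registry left unchanged.'
        }
        Set-ItemProperty -Path $PsKey -Name '(default)' -Value ''
        "Handler cleared. Backup saved to $BackupFile."
    }
    'Restore' {
        if (-not (Test-Path -Path $BackupFile)) { throw "No backup found at $BackupFile." }
        & reg.exe import $BackupFile
        if ($LASTEXITCODE -ne 0) { throw 'Import failed; handler not restored.' }
        "Handler restored to $(Get-IconHandler)."
    }
}
# Explorer reads the handler at startup, so log off and on (or reboot) after a change.
```

While the handler is blank, shortcut icons are drawn as generic icons, which is the source of the user confusion Wisniewski describes.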
The exploit problem gets worse. Sunday a security researcher known as "Ivanlef0u" published proof-of-concept code on the Internet that takes advantage of the exploit. When tweaked, the code could be used in an effective attack.
Belgian researcher Didier Stevens created a tool to combat the shortcut security flaw; however, he warns that inexperienced users shouldn't install it. The tool and notes can be found here.

In a business environment, any admin worth his chips will have disabled those damn USB thumb drives.
I'm also sure that the AV makers have already pushed out new updates to protect against this threat.
All covered until MS get the update out. Phew.