Don’t take shortcuts

Picture from bradleygee's Flickr photostream under Creative Commons.


 
On the 16th of July Microsoft released Security Advisory 2286198 confirming an as yet unpatched vulnerability in Windows Shell that exposes all users of all current versions of Microsoft Windows to very real risk of attack and infection.
 
According to Microsoft “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.” So what does that mean in plain language?
 

It means that if any user of Microsoft Windows opens a folder containing a shortcut which has been designed to exploit this vulnerability, they will be infected. No opening of files is required; simply browsing the folder is enough.

 
Although Microsoft have stated that “This vulnerability is most likely to be exploited through removable drives”, users should be on their guard against all shortcut files whose authenticity they cannot guarantee. This same vulnerability could be exploited through contaminated file shares or something as simple as a malicious compressed archive such as a zip file.
 
Worryingly, the malware that was first exploiting this vulnerability appeared to be highly targeted, looking for Siemens WinCC SCADA systems. SCADA systems are routinely used in the control of utilities such as power and water and also in large-scale manufacturing. Siemens were warning their customers of this as early as July 14th.
 
The source code for this malware is now in open distribution (and has been incorporated into the Metasploit framework), and we can expect to see widespread criminal adoption of this technique from this point.
 
For now the best defence against attacks is contained within the Microsoft Security Advisory: disable the displaying of icons for shortcuts and disable the WebClient service.
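
To confirm that both workarounds are actually in place on a host, a read-only audit along these lines can be run. This is an added example, not code from this post or from Microsoft; it changes nothing on the system, and the two registry paths are assumed from the workaround steps in the advisory itself, since they do not appear on this page.

```powershell
# Added example: read-only audit of the two workarounds in Security Advisory 2286198.
# Assumption: the registry paths below are the icon-handler keys named in the
# advisory's workaround steps; they do not appear on this page.
$iconHandlerKeys = @(
    'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler',
    'Registry::HKEY_CLASSES_ROOT\piffile\shellex\IconHandler'
)

function Test-IconHandlerCleared {
    param([Parameter(Mandatory)][string]$KeyPath)
    # A missing key means no icon handler is registered for that file class.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $true }
    # GetValue('') reads the key's (Default) value; the workaround blanks it.
    $default = (Get-Item -LiteralPath $KeyPath).GetValue('')
    return [string]::IsNullOrEmpty([string]$default)
}

function Get-WebClientStatus {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) {
        return [pscustomobject]@{ Check = 'WebClient service'; Mitigated = $true; Detail = 'not installed' }
    }
    # Mitigated only when the service cannot start and is not currently running.
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    [pscustomobject]@{
        Check     = 'WebClient service'
        Mitigated = $ok
        Detail    = "StartMode=$($svc.StartMode), State=$($svc.State)"
    }
}

$report = @()
foreach ($key in $iconHandlerKeys) {
    $cleared = Test-IconHandlerCleared -KeyPath $key
    $report += [pscustomobject]@{
        Check     = "Icon handler: $key"
        Mitigated = $cleared
        Detail    = if ($cleared) { 'default value empty' } else { 'handler still registered' }
    }
}
$report += Get-WebClientStatus
$report | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a management tool flag hosts that still need the workaround.
if ($report | Where-Object { -not $_.Mitigated }) { exit 1 } else { exit 0 }
```

Save it as a script file and run it from there, because the final `exit` would close an interactive session if the lines were pasted in directly.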
 
Further details on Trend Micro’s detection of the malware involved are available on the TrendLabs blog. Please be aware this is a breaking situation and further malware will take advantage of this same vulnerability.

3 thoughts on “Don’t take shortcuts”

  1. Ian Draper

    I have never liked having windows short-cuts as they have caused problems before and now finally we have to have a possible trojan attack. When will these software providers learn a lesson from the people who use their products and ask us for our feedback?

    Thanks for letting me comment – regards Ian

  2. Pingback: Yellow alert over Windows shortcut flaw: ‘Wide-scale exploitation is only a matter of time’ « Ryan's PC Repair Shop

  3. Pingback: Tweets that mention Don’t take shortcuts » CounterMeasures -- Topsy.com
