Home > Privacy, Security > Shortcut Worm Vulnerability Affects All Windows Versions

Shortcut Worm Vulnerability Affects All Windows Versions

  Submitted by HAL2001 Privacy, Security 2 Comments

Microsoft confirmed the existence of a critical vulnerability in all supported versions of Windows. The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files are allowed to execute code when the shortcut’s icon is loaded to the GUI. An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.

About The Author

David Adams

Follow me on Twitter @david_adams

2 Comments

  1. 2010-07-21 4:26 am
    BlueofRainbow

    It’s somewhat surprising that an icon for a shortcut-link could be exploited in this fashion. Given that this impacts all versions of Windows, it is to wonder whether this relies on a never-documented feature of Windows Explorer and the links.

    Anyways, it will not take many more such exploits to go un-patched by Microsoft for IT Departments to physically remove all USB ports from the corperate systems.

    • 2010-07-21 10:15 am
      lemur2

      Anyways, it will not take many more such exploits to go un-patched by Microsoft for IT Departments to physically remove all USB ports from the corperate systems.

      http://blogs.computerworld.com/16559/can_windows_kill_the_internet

      The LNK vulnerability is an obnoxious little security hole that’s present in all versions of Windows from Windows 2000 on up. There are now numerous attack programs that can use a malicious shortcut file, identified by the “.lnk” extension, to automatically run malware. All a user has to do is view the contents of a folder containing the infected shortcut, and, ta-da, the program is wreaking havoc.

      Early versions of the attack required users to plug in a USB key with the malicious software. If that were still required, this would be a minor problem. Now, however, exploits exist that can launch attacks over SMB (Server Message Block) file shares and Windows’ WebClient services. While often used over a LAN, these services can also be used over the Internet. And, of course, such tried-and-true-virus-spreading methods as sending a LNK file over an IM (instant message) or in an e-mail will also spread it.

      Once in place, a LNK-based malware can do pretty much anything it wants to your Windows PCs — send someone your credit-card numbers, zap your system, whatever. Or, and this is where it gets even more dangerous, it could be used to take over or knock out SCADA (supervisory control and data acquisition) control systems used to control industrial machinery in power plants and factories. In short, this is software that can use Windows not just to exploit Windows users, but to commit cyber-episonage or warfare

      Even Microsoft is worried enough about this vulnerability that the guys from Redmond said, “Anyone believed to have been affected by this issue … should contact the national law enforcement agency in their country.”

      My bold.

      Edited 2010-07-21 10:16 UTC