Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.
Reference: http://www.microsoft.com/technet/security/advisory/2286198.mspx
Lots of the article posted regarding W32/Stuxnet-B rootkit exploits a vulnerability in the way Windows handles .LNK shortcut files, that allows them to execute automatically if the USB stick is accessed by Windows Explorer. Even if Windows's Autorun and Autoplay disabled.
Reference: http://www.sophos.com/pressoffice/news/articles/2010/07/stuxnet.html
Details of video demonstration of Windows Vulnerability .LNK shortcut.
0 comments:
Post a Comment