On July 16, Microsoft released Security Advisory 2286198 confirmed the Windows shortcut flaw that exposes all windows user of all current versions of Windows system to very serious attacks, including fully patched Windows 7 system.
Just by opening a directory containing the infected shortcut will get user infected. Once the infected shortcut icon is displayed in Windows Explorer, malicious code is launched without any further user interaction. Hackers have already developed malware that spreads via USB sticks, using this vulnerabilities. Independent security researcher Frank Boldewin had found the attack is currently targeted toward the WinCC SCADA system by Siemens. “Looks like this malware was made for espionage,” Boldewin writes.
On Sunday, a researcher known as “Ivanlef0u” published aproof-of-concept code to several locations on the Internet. There is already a Metasploit module that implements the exploit with the WebDAV method.
To protect yourself from the attack, Microsoft suggests disabling the displaying of icon for shortcut and turning off WebClient service as workarounds against possible attacks. Please reference Microsoft advisory for details of how to “Disable the displaying of icons for shortcuts“. Another way to protect yourself is to use Didier Stevens’ tool Ariad .
Additional information on the flaw can be found in a blog post by the SANS Institute’s Internet Storm Centre here.
source:
Experts Warn of New Windows Shortcut Flaw
MS confirms Windows shortcut zero-day flaw
Preempting a Major Issue Due to the LNK Vulnerability – Raising Infocon to Yellow
