New zero-day "shortcut worm" vulnerability affects all Windows versions
Posted on 20.07.2010
Microsoft published Security Advisory 2286198 on Friday of last week, confirming the existence of a critical vulnerability in all supported versions of Windows.


The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. A specially crafted shortcut (.lnk) file can execute code when Windows loads the shortcut's icon for display.

An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.

The shortcut vulnerability was discovered during the investigation of the Stuxnet rootkit, which has been used in targeted attacks aimed at Siemens SCADA systems. Such systems are used for supervisory control and data acquisition in industrial facilities such as power plants. The shortcut file used in this case is detected as Exploit:W32/WormLink.A.

The situation is now more critical because a publicly available proof of concept was posted to several exploit database sites over the weekend.

Proof-of-concept exploit code is now in the wild, and F-Secure fully expects virus writers to utilize this method of attack in the near future.

Sean Sullivan, Security Advisor at F-Secure, says, “This shortcut worm is very dangerous and the seriousness of the situation will increase until Microsoft releases a fix. And because Microsoft Windows XP Service Pack 2 is no longer supported, even the fix won't fully resolve the issue. This is a major concern as F-Secure’s research shows that SP2 is still being used by many organizations.”

F-Secure strongly recommends that companies and organizations migrate to Windows XP Service Pack 3 as soon as possible, or implement Microsoft's suggested workarounds.

Additionally, organizations need to create or review their USB device policy. “This danger can be mitigated with best practices. If a company doesn't have a security policy regarding USB devices, they're at risk. Those that do have a policy should review it and make sure that it's being followed. And this is time critical as summer vacation season is approaching,” says Sullivan.




