Microsoft’s Shortcut Vulnerability
Friday, July 30, 2010 21:04
A little over a week a go, Microsoft announced that Windows could be attacked using a shortcut vulnerability that would allow attackers to infect a Windows computer with the use of a drive-by download attack. You can read details of it on the Microsoft’s Security Advisory webpage.
Basically, Windows contains a flaw in how it handles shortcut files. If an attacker creates a malicious shortcut file, the attacker can automatically execute malware whenever a user views the contents of a folder that contains the malicious shortcut file.
The Shortcut Attack
According to the latest research, all versions of Windows are vulnerable, including Windows 2000, Windows XP, and all newer version of Windows including Windows 7. When an attacker sets up a web site or a remote network share containing the malicious shortcut file, a person simply has to browse the site using Internet Explorer browser or Windows Explorer for Windows to try and load the malicious shortcut file. These are called drive-by attacks which are especially dangerous forms of attack since they do not require any action from the computer user other than to browse the malicious website or a legitimate website that has been compromised.
Right now, it does not appear that the attack works on Firefox or Google’s Chrome browser. It does work on Internet Explorer 6 and newer versions of the browser. On the newer version of Internet Explorer, however, it does require some user interaction before loading. These drive-by attacks using the shortcut vulnerability work using Internet Explorer 6, 7, 8, and 9 with Windows XP but not on the newer Windows 7 operating system. Windows 7 creates some pop-up warnings which might protect the computer user if they understand the pop-up warnings.
The Security Fix
At the present time, Microsoft does not have a patch for this shortcut vulnerability but they have come out with an automated “Fix It” tool that will allow users to automate the process of turning off shortcuts. The problem with this is that icons on the desktop, taskbar and Start Menu are transformed into generic white icons when the “Fix It” tool is used. This makes it impossible to tell at a glance what icons represent your browser, a Word document, or other files or applications.
Microsoft has also advised network administrators that they can defend against the attacks by blocking shortcut files at the perimeter of the network. Until there is a patch from Microsoft, watch your browsing habits. Also, use the “Fix It” tool if you can use Windows with all the icons looking the same, and block shortcut files, if you can, on the perimeter of the network.
Related posts: