Researcher Publishes Working Windows 'Shortcut' Attack

All versions of Windows contain the bug.

By Kara Reeder | Posted Jul 19, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
A security researcher known as "Ivanlef0u" has published a working exploit of a critical Windows vulnerability that can be used to automatically run malware simply by getting a user to view the contents of a shortcut folder identified by the ".lnk" extension.

According to Computerworld, all versions of Windows contain the bug. The security advisory explains:

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives.

Microsoft recommends that users edit the Windows registry to disable the displaying of all shortcut icons, and to switch off the WebClient service. But Chester Wisniewski, a senior security advisory with Sophos, says:

This is highly impractical for most environments ... While it would certainly solve the problem, it would also cause mass confusion among many users and might not be worth the support calls.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter