Researcher Publishes Working Windows 'Shortcut' Attack

All versions of Windows contain the bug.

 By Kara Reeder
Page of   |  Back to Page 1
Print Article
A security researcher known as "Ivanlef0u" has published a working exploit of a critical Windows vulnerability that can be used to automatically run malware simply by getting a user to view the contents of a shortcut folder identified by the ".lnk" extension.

According to Computerworld, all versions of Windows contain the bug. The security advisory explains:

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives.

Microsoft recommends that users edit the Windows registry to disable the displaying of all shortcut icons, and to switch off the WebClient service. But Chester Wisniewski, a senior security advisory with Sophos, says:

This is highly impractical for most environments ... While it would certainly solve the problem, it would also cause mass confusion among many users and might not be worth the support calls.

This article was originally published on Jul 19, 2010
Get the Latest Scoop with Networking Update Newsletter