Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim into viewing a specially crafted shortcut. NOTE: This issue is being exploited in the wild as malware W32.Temphid. This issue affects Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008.
Microsoft Windows Shortcut "LNK" Files Automatic File Execution Vulnerability
Interesting that MS does not list Windows 7 Enterprise Edition in their list of affected versions of Windows.
There must be a lot of the free trial version in use ... available for the rest of 2010
Microsoft Windows is prone to a previously unknown and unpatched vulnerability that affects Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008. Successful exploitation may allow remote attackers to execute arbitrary code and take control of the system.
The vulnerability is triggered when a user opens a folder that contains maliciously crafted files. This vulnerability is being exploited by the W32.Temphid malware to ensure that malicious code executes when an infected USB drive is inserted into a computer and opened.
Attackers may also exploit this issue remotely by enticing a user to visit a malicious website or open a malicious network share. The flaw is trivial to exploit in a reliable and stealthy way. Proof-of-concept code is also publicly available. The Symantec DeepSight Team expects this issue to be incorporated by attackers to carry out remote drive-by download attacks in the wild.
Microsoft published an advisory describing a recommended workaround for this issue.
Other recommended mitigation strategies include:
- Do not use portable media that is not trusted.
- Make sure that antivirus software is up to date.
- Use stringent egress filtering for UNC shares whenever possible.
- Avoid browsing to untrusted websites or network shares and clicking untrusted web links.
More information is available at the following locations:
Microsoft Windows Shortcut "LNK" Files Automatic File Execution Vulnerability:
http://www.securityfocus.com/bid/41732
Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/advisory/2286198.mspx
Microsoft has released a security update to address this issue, which users should install as soon as possible; more information is available here: Microsoft "Patch Tuesday".