MS ships temporary 'fix-it' for Windows shortcut zero-day attacks

Summary: Microsoft has released a "fix-it" tool as a stop-gap to block ongoing zero-day attacks against a new code execution flaw in Windows Shell.


The attacks, which incorporate signed drivers from RealTek and JMicron, are spreading locally via malicious USB drives or remotely via network shares and WebDAV.

Microsoft has posted a pre-patch advisory that spells out the problem:


The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.

The flaw could also be exploited to launch drive-by downloads against Windows users running Internet Explorer:

An attacker could also set up a malicious Web site or a remote network share and place the malicious components on this remote location. When the user browses the Web site using a Web browser such as Internet Explorer or a file manager such as Windows Explorer, Windows will attempt to load the icon of the shortcut file, and the malicious binary will be invoked. In addition, an attacker could embed an exploit in a document that supports embedded shortcuts or a hosted browser control (such as but not limited to Microsoft Office documents).

In the absence of a patch, Microsoft is recommending that users run the automated "Fix-It" tool to disable the vulnerable .LNK and .PIF file functionality on the Windows machine.
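As an added illustration, not taken from the article or from Microsoft's tool, of the kind of inspection a defender can run on shortcut files found on removable drives or shares, the Python below parses the shell-link header and string fields (layout per the documented .LNK binary format) and flags icon locations that point at a UNC path or at something other than an .ico/.exe/.dll. The check is a triage heuristic, not a signature for this specific flaw; make_lnk builds a constructed sample so the code runs offline.

```python
import struct

# LinkFlags bits from the Shell Link (.LNK) binary header (flags live at offset 0x14)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
LNK_HEADER_SIZE = 0x4C
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

def parse_lnk_strings(data):
    """Return the StringData fields of a .LNK file as a dict, plus the raw LinkFlags."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # skip LinkTargetIDList: 2-byte size + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                  # skip LinkInfo: 4-byte total size at its start
        pos += struct.unpack_from("<I", data, pos)[0]
    is_unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for bit, name in STRING_FIELDS:            # fixed order; each is 2-byte char count + chars
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            nbytes = count * 2 if is_unicode else count
            raw = data[pos:pos + nbytes]
            fields[name] = raw.decode("utf-16-le") if is_unicode else raw.decode("cp1252")
            pos += nbytes
    return fields

def suspicious_icon(fields):
    """Heuristic: icon fetched from a UNC share, or from a file that is not .ico/.exe/.dll."""
    icon = fields.get("icon_location", "").lower()
    if not icon:
        return False
    return icon.startswith("\\\\") or not icon.endswith((".ico", ".exe", ".dll"))

def make_lnk(icon_location, is_unicode=True):
    """Build a minimal constructed .LNK (header + ICON_LOCATION only) for offline testing."""
    flags = HAS_ICON_LOCATION | (IS_UNICODE if is_unicode else 0)
    header = struct.pack("<I", LNK_HEADER_SIZE) + bytes(16) + struct.pack("<I", flags)
    header += bytes(LNK_HEADER_SIZE - len(header))   # zero the remaining header fields
    encoded = icon_location.encode("utf-16-le" if is_unicode else "cp1252")
    return header + struct.pack("<H", len(icon_location)) + encoded
```

On a real drive, read each .lnk file in binary mode and pass its bytes to parse_lnk_strings, then report any file for which suspicious_icon returns True.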

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
