UPDATE: Should you be worried about the Windows "LNK" vulnerability?
I'm getting a lot of emails about the recently discovered LNK exploit which makes nefarious use of the way Microsoft parses links and shortcut icons. Is it a big deal? Should you be worried? Should you just switch off your PC, unplug it and start using an abacus (or Mac? ... or Linux?)?
... breathe ... breathe ... oh, and DON'T PANIC!
First, some information as released by Microsoft.
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.
Here's a description of the vulnerability:
What causes this threat? When attempting to load the icon of a shortcut, the Windows Shell does not correctly validate specific parameters of the shortcut.
In other words, a design flaw.
This vulnerability is present in 32-bit and 64-bit flavors of Windows XP, Server 2003, Vista, Server 2008, Windows 7 (including beta Service Pack 1) and Server 2008 R2 (including beta Service Pack 1). As you'd expect, Mac and Linux are unaffected.
Microsoft is working on an update, but at present there's no timeline for when a patch will be released.
While attacks using this do seem to be sophisticated, they are at present very limited in nature. Looks like someone crafted this attack for a specific job. The good news from that is that this vulnerability isn't in wide circulation. So while it could be loaded onto a USB flash drive or CD, or even leveraged remotely via network shares and WebDAV, the chances of you being affected by this vulnerability are as close to zero as to be zero.
On top of that, by now most of the top antivirus providers will have updated their signature files in order to be able to detect and defend against this nasty.
Also, for those of you who might be ultra paranoid, Microsoft has published workarounds which range from stripping all icons away from shortcuts (something which I think will have a massive negative effect on productivity) to disabling WebDAV client services (check out the Workarounds section of Microsoft advisory KB228698). For 99.9% of users out there, this should be unnecessary (especially if you run up-to-date antivirus). You can also choose to block LNK and PIF files at your borders if you have a firewall that accepts rules, which will provide protection from remote attacks.
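A sketch of the border rule mentioned above, as an added example (not code from this article or from Microsoft): it blocks by the .lnk/.pif extension and also by the Shell Link file header, so a renamed shortcut is still caught. Looking inside ZIP attachments goes beyond what the article describes, and the function names and sample data are made up for illustration.

```python
import io
import struct
import uuid
import zipfile

# Shell Link header (MS-SHLLINK): 4-byte HeaderSize 0x4C, then the LinkCLSID.
HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
BLOCKED_EXTENSIONS = (".lnk", ".pif")  # the two types the article says to block

def is_shell_link(data):
    """True if the content starts with a Shell Link header, whatever its name."""
    if len(data) < 20:
        return False
    (size,) = struct.unpack_from("<I", data, 0)
    return size == HEADER_SIZE and data[4:20] == LINK_CLSID

def has_blocked_name(filename):
    # Windows drops trailing dots and spaces, so "a.lnk." is still a shortcut.
    return filename.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)

def verdict(filename, data):
    """Return 'block' or 'allow' for one transferred file or attachment."""
    if has_blocked_name(filename) or is_shell_link(data):
        return "block"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if has_blocked_name(member.filename):
                    return "block"
                if member.is_dir() or member.flag_bits & 0x1:
                    continue  # directory or encrypted member: name check only
                with archive.open(member) as fh:
                    # Read only the header bytes; never inflate the whole member.
                    if is_shell_link(fh.read(20)):
                        return "block"
    return "allow"

# Constructed sample: a bare 76-byte Shell Link header, all other fields zero.
SAMPLE_LNK = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + bytes(56)

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, payload in members.items():
            archive.writestr(name, payload)
    return buf.getvalue()
```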
For those wanting to know more, WebSense has a technical analysis here.
So, should you be worried? No.
[UPDATE: So, should you be worried ... ? Well, a little. These attacks have spread over the past few days, but still remain relatively low. However, if you are concerned, or feel that your antivirus software doesn't offer protection, it is advisable that you disable WebDAV client services, just to be safe.]
Talkback
There is an A bomb in Times Square
RE: Should you be worried about the Windows
Not worried, however...
Cue Dietrich...
Good info Adrian, Thanks.. I can rest easy.
Thanks for filling in Wolfie!
RE: Should you be worried about the Windows
Linux in the home...
I too have been working with Linux on and off since the mid-1990s, and there is good reason for this lack of penetration of the home market, quite aside from Microsoft's constant assaults on the Linux community (Linspire and other distros they've directly attacked, et al.). The fact that far too much hardware doesn't have downloadable drivers that just work is a huge minus to non-technically-minded people (i.e. typical computer users).
I'm a computer technician, and I've yet to get my RTL8192SE-VA2 wifi card to work in either 32-bit or 64-bit Linux Mint 9 (which, since it's based on the Ubuntu codebase, is of huge concern). I've tried four versions of the driver, and compiling has been quick, but it hasn't worked, even though I'm following the instructions to the letter. That sort of problem is something the masses simply can't (or won't) bother with, and I can't say I blame them.
Linux in the home
A few got a conscience and switched when I explained Microsoft licensing to them. (ie why you are having trouble installing XP with your brother-in-law's disk and getting it validated)
Check any laptop with a "quick boot" environment
RE: Should you be worried about the Windows
Most won't know it's Linux and wouldn't care
I didn't know Splashtop was Linux, as it could have been dedicated browser app/OS. The original P Series I had, had a different Linux 'instant-on' regime that proved just as slow to start up, so it got blown away with Vista when I upgraded it to Win 7.
narrow minded
Yes, we should stand firm against these obsessed fanatics full of prejudgment against good quality software. Incredible that people are so narrow minded.
On the contrary, we know that the universe will not collapse, but still the earth may stop turning or at least the world as we know it will cease to exist if we don't pick, out of a few hundred possibilities, the product of that Redmond company.
Some people may think that is sufficient to use it in two places, for our administration at the office where our employer put it on our computer and on our home computer where we had to buy it anyway when the thing was bought. But more is needed. People should not underestimate the vital importance to use it nowhere. Only so our world can survive.
For this we happily can count on a great company and moral reference like MS that was ready to license its great Win XP OS for just a few dollars on Netbooks, just to protect us against the dangers of that open OS.
What can we do anyway with that "open" OS? And do you ever hear users of MS products complaining that Linux is dominating the world of supercomputing, and is so strong in many other areas?
RE: Should you be worried about the Windows
IMPORTANT !!!
I think it is important to correct this potentially dangerous claim about a bootdisk:
"Not being able to upgrade easily is a big security concern, as we all know that for best security you want to keep things up to date."
If you boot from a bootdisk and then go directly to your homebanking site, you will be at least 10 times safer than if you use your hard-disk based computer that you normally use to visit the Internet. Even while that bootdisk does not have the latest version and patches for every soft on it.
It is very improbable that your system would get infected while visiting your homebanking site. To be infected before that, malware has to be inserted before you burn the CD. At this moment that risk is very improbable.
Follow this (Dutch) link to find out how the criminals proceed, http://www.tijd.be/nieuws/ondernemingen_financien/De_kraak_van_de_eeuw-_uw_onlinebankrekening.8942619-3095.art?highlight=internet%20criminelen or read any other information about the subject.
RE: Should you be worried about the Windows
RE: Should you be worried about the Windows
ROFL! All is well. You can eat cake instead of bread. Not worried, not worried, not worried....
And I am glad at least one person knows the scope. Could you enlighten us Loverock? What tools did you use? You know you can make money by selling those to MS or Symantec?
RE: Should you be worried about the Windows
This design flaw could execute any program, so assuming that others know about it, which I'm sure is true, there will be new payloads besides the original Siemens specific one. The fact that AV sigs now cover the original is pretty meaningless.
http://blog.didierstevens.com/programs/ariad/
Read very very carefully before installing.
RE: Should you be worried about the Windows
You are new ZDNet readers, are you?
Anyone who has been here for any length of time knows that LD is all tongue-in-cheek.
Read this
http://www.computerworld.com/s/article/9179358/Experts_predict_extensive_attacks_of_Windows_zero_day
Summary of that article
Key points from that article are:
"Although we have not observed the vulnerability exploited beyond the original targeted attacks, we believe wide-scale exploitation is only a matter of time."
As well as:
"The Internet Storm Center (ISC) pushed its Infocon threat indicator to "Yellow," a rare move, while Symantec also bumped up the status of its ThreatCon barometer to "Elevated." Today's shift by ISC was the first Yellow since July 2009...."
So yes, this could be a big deal if it's adapted before MS can create and send out a patch!
Not a lot anyone can do other than wait and see which happens first!