MS ships temporary 'fix-it' for Windows shortcut zero-day attacks

Microsoft has released a "fix-it" tool as a stop-gap to block ongoing zero-day attacks against a new code execution flaw in Windows Shell.
Written by Ryan Naraine, Contributor on

The attacks, which incorporate signed drivers from RealTek and JMicron, are spreading locally via malicious USB drives or remotely via network shares and WebDAV.

Microsoft has posted a pre-patch advisory that spells out the problem:

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.

The flaw could also be exploited to launch drive-by downloads against Windows users running Internet Explorer:

An attacker could also set up a malicious Web site or a remote network share and place the malicious components on this remote location. When the user browses the Web site using a Web browser such as Internet Explorer or a file manager such as Windows Explorer, Windows will attempt to load the icon of the shortcut file, and the malicious binary will be invoked. In addition, an attacker could embed an exploit in a document that supports embedded shortcuts or a hosted browser control (such as but not limited to Microsoft Office documents).

In the absence of a patch, Microsoft is recommending that users run the automated "Fix-It" tool to disable the vulnerable .LNK and .PIF file functionality on Windows machines.
