Windows “Shortcut” Bug Code Made Public

According to a security researcher – all versions of Windows Operating system contains a serious bug, which may result in critical vulnerability of your system. The bug is present in the latest Windows7 service packs as well as on older versions of Windows, PC World reports.

Microsoft issued a security advisory on Friday which discusses how hackers can use a shortcut file ending with a .ink extension to automatically run their scripts (read malware) by letting the user view the contents of a folder containing the shortcut.

The researcher, who is better known as “Ivanlef0u”, published proof of the concept code to several locations on the internet. His work was later confirmed by a Belgian researcher Didier stevens, who said that Ivanlef0u’s code can be used to create an effective malware attack on any Windows operating system.

Stevens announced in a blog post that he had tested Ivanlef0u’s code using his self made tool and that the utility successfully blocks attacks from USB or DVD drives. You can use Ariad if you want to mitigate attacks with these shortcut links until Microsoft releases a patch, said stevens.

While Steve’s tool can be effective in blocking executable files from removable drives, it is not meant for rookie users who do not understand the working of the application. This is because Steve’s tool is a mini filter drive and works inside the Windows kernel, causing disturbance in the kernel can have grave consequences.

To defend users from such malicious USB attacks, the US Computer readiness team added an article which reads:

By convincing a user to display a specially-crafted shortcut file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device. This vulnerability can also be triggered by viewing a web page with Internet Explorer or opening a document with Microsoft Office.

Disabling the autorun and auto play feature is a solution but not all computer users are security experts. Millions of people don’t know about such security holes and it would be better if Microsoft could come up with a patch or something. Wait!, they already stopped the security updates for older versions of Windows?

Now who is going to answer such concerns?

Published by

Amit Banerjee

Amit has been writing for Techie Buzz since early 2009 and keeps a close eye on web apps, Google and all things Tech. He also writes at his own tech blog, Ampercent. Follow him on Twitter @ amit_banerjee