Windows “Shortcut” Bug Code Made Public
By on July 22nd, 2010

According to a security researcher – all versions of Windows Operating system contains a serious bug, which may result in critical vulnerability of your system. The bug is present in the latest Windows7 service packs as well as on older versions of Windows, PC World reports.

Microsoft issued a security advisory on Friday which discusses how hackers can use a shortcut file ending with a .ink extension to automatically run their scripts (read malware) by letting the user view the contents of a folder containing the shortcut.

The researcher, who is better known as “Ivanlef0u”, published proof of the concept code to several locations on the internet. His work was later confirmed by a Belgian researcher Didier stevens, who said that Ivanlef0u’s code can be used to create an effective malware attack on any Windows operating system.

Stevens announced in a blog post that he had tested Ivanlef0u’s code using his self made tool and that the utility successfully blocks attacks from USB or DVD drives. You can use Ariad if you want to mitigate attacks with these shortcut links until Microsoft releases a patch, said stevens.

While Steve’s tool can be effective in blocking executable files from removable drives, it is not meant for rookie users who do not understand the working of the application. This is because Steve’s tool is a mini filter drive and works inside the Windows kernel, causing disturbance in the kernel can have grave consequences.

To defend users from such malicious USB attacks, the US Computer readiness team added an article which reads:

By convincing a user to display a specially-crafted shortcut file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device. This vulnerability can also be triggered by viewing a web page with Internet Explorer or opening a document with Microsoft Office.

Disabling the autorun and auto play feature is a solution but not all computer users are security experts. Millions of people don’t know about such security holes and it would be better if Microsoft could come up with a patch or something. Wait!, they already stopped the security updates for older versions of Windows?

Now who is going to answer such concerns?

Tags: ,
Author: Amit Banerjee Google Profile for Amit Banerjee
Amit has been writing for Techie Buzz since early 2009 and keeps a close eye on web apps, Google and all things Tech. He also writes at his own tech blog, Ampercent. Follow him on Twitter @ amit_banerjee

Amit Banerjee has written and can be contacted at amit@techie-buzz.com.
  • Desktop IT

    I work up at AT&T Wi-Fi Services as the senior Windows Desktop SysAdmin in IT, and after some recent patches this week, our end users are complaining of the same issue in both Windows XP and Windows 7. That is, all icons are blank/generic except for folder icons.

    My server guy and I think it's potentially the 0 Day exploit patch.

    Unfortunately, we have a lot of end-users with either blank, generic, or black icons for short-cuts, programs, pretty much everything aside from folders. We've tried a few things to get the icons to correct, but unfortunately nothing has worked. We've done the power-toys/tweak-ui rebuild of the icons, as well as a few other programs. Even manually changing the shortcut icons doesn't work.

    The other unfortunate bit is I have a freshly imaged Win7 box sitting in front of me, and after all the updates it has the same issue as well.

    Anyone else heard anything else or seen any other forums out there with more information?

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN