Microsoft releases critical patch for Windows shortcut flaw
Move designed to fix a zero-day shell vulnerability
- By Kurt Mackie
- Aug 02, 2010
Microsoft is releasing a patch today for a zero-day Windows shell vulnerability that can spread malware through shortcut files.
The company released an advance notice last week about the out-of-band security bulletin to come, describing it as a "critical" patch for all supported Windows systems. Critical security bulletins address "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action," according to Microsoft's definition.
The advance notice also indicated it was critical to patch Windows XP Professional x64 Service Pack 2. Microsoft ended patch support for Windows XP SP2 on July 13, so it seems a patch will not arrive for this unsupported operating system. Users of this OS have to seek custom support from Microsoft if they can't move off it.
The Windows Shell exploit uses shortcuts to programs on the Windows desktop, which are enabled by. LNK files. Typically, the exploit is distributed through the use of infected USB drives but users don't have to click on the shortcuts for the malware to spread. The infected shortcut files drop malware in Windows systems.
In a blog post, Microsoft explained that it has completed the necessary testing to release the patch, which is needed to battle a growth in Windows Shell exploits. Attacks have increased since Microsoft announced a security advisory about the Windows Shell flaw on July 16.
Earlier, Microsoft had associated the exploit with the Stuxnet worm, and later with the Chymine family of trojan droppers. Microsoft is now saying that the "highly virulent" Sality.AT malware dropper has taken the lead in exploiting the Windows Shell flaw. Since Sality.AT is active in Brazil, that county has seen a greater number of attacks trying to exploit the flaw.
Some software security firms, such as Sophos and G Data, have offered free workaround tools, but the tools apparently do not remove existing contaminations that might reside on a user's desktop. For that, users need antivirus software that can detect the malware. Microsoft also recommends a "Fix it" workaround that disables shortcuts.
The out-of-band patch for the Windows Shell vulnerability is arriving shortly before Microsoft's August security update. That update is scheduled to appear on Aug. 10, "Patch Tuesday" for the month.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.