Microsoft has recently issued a security advisory (2286198) confirming the existence of a critical vulnerability in all supported versions of Windows. It is the latest to be detected: the new zero-day 'shortcut worm' vulnerability.
The shortcut worm attack is triggered when a specially crafted shortcut (.lnk) file executes code as the shortcut's icon is loaded by the GUI. The vulnerability was first discovered during the investigation of the Stuxnet rootkit, which was used in targeted attacks on Siemens SCADA systems. The shortcut file used in this case is detected as Exploit:W32/WormLink.A.
Furthermore, the situation is now more critical as a publicly available proof of concept was posted to several exploit database sites over the weekend. Antivirus vendor F-Secure anticipates that virus writers will abuse shortcut worm-based attacks in the near future. As a preventive measure, it suggests that companies establish or review their USB Device Policy, as well as migrate from Windows XP Service Pack 2 to Windows XP Service Pack 3 as soon as possible.