Shortcut worm affects all versions of Windows


Shortcut worm affects all versions of Windows Staff

Microsoft has recently issued a security advisory (2286198) validating the existence of a critical vulnerability in all supported versions of Windows. The latest one to be detected is the new zero-day 'shortcut worm' vulnerability

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

which is exploited via USB storage devices, network shares or remote WebDAV shares. This exploit is possible if the USB device's contents can be viewed in Windows Explorer.

The shortcut worm attack is executed when specially crafted shortcut (.lnk) files execute code as the shortcut's icon is loaded to the GUI. This was first discovered during the investigation of the Stuxnet rootkit used in targeted attacks that focused on Siemens SCADA systems. The shortcut file used in this case is detected as Exploit: W32/WormLink.A.

Furthermore, the situation is now more critical as a publicly available proof of concept was posted to several exploit database sites over the weekend. Antivirus vendor F-Secure anticipates that virus writers will abuse shortcut worm-based attacks in the near future. As a preventive measure, it suggests that companies establish or review their USB Device Policy, as well as migrate from Windows XP Service Pack 2 to Windows XP Service Pack 3 as soon as possible.