Article

Shortcut worm affects all versions of Windows

SearchSecurity.in Staff

Microsoft has recently issued a security advisory (2286198) validating the existence of a critical vulnerability in all supported versions of Windows. The latest one to be detected is the new zero-day 'shortcut worm' vulnerability

Requires Free Membership to View

which is exploited via USB storage devices, network shares or remote WebDAV shares. This exploit is possible if the USB device's contents can be viewed in Windows Explorer.

The shortcut worm attack is executed when specially crafted shortcut (.lnk) files execute code as the shortcut's icon is loaded to the GUI. This was first discovered during the investigation of the Stuxnet rootkit used in targeted attacks that focused on Siemens SCADA systems. The shortcut file used in this case is detected as Exploit: W32/WormLink.A.

Furthermore, the situation is now more critical as a publicly available proof of concept was posted to several exploit database sites over the weekend. Antivirus vendor F-Secure anticipates that virus writers will abuse shortcut worm-based attacks in the near future. As a preventive measure, it suggests that companies establish or review their USB Device Policy, as well as migrate from Windows XP Service Pack 2 to Windows XP Service Pack 3 as soon as possible.