Microsoft Acknowledges Windows Shell Vulnerability
The zero-day vulnerability appears to be designed for industrial espionage.
Image Gallery: Windows 7 Revealed
(click image for larger view)
Image Gallery: Windows 7 Revealed
Microsoft on Friday issued a Security Advisory stating that it is investigating limited attempts to exploit a vulnerability in the Windows Shell.
The zero-day vulnerability was disclosed last week by Belorussian antivirus company, VirusBlokAda. It takes advantage of Windows shortcut files by making them execute automatically when accessed from a USB drive via Windows Explorer.
The Stuxnet malware, which is believed to have been circulating for about a month, attempts to exploit this vulnerability.
Stuxnet "takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system," explains Microsoft on its Malware Protection Center blog. "In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction."
Microsoft says that Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 are affected.
As workarounds to mitigate the risk of compromise, Microsoft is recommending that administrators disable the display of icons for shortcuts, and disable the WebClient service.
On Sunday, proof-of-concept exploit code was posted at exploit-db.com.
According to computer researcher Frank Boldewin, the malware also targets Siemens SCADA WinCC, an industrial process control system, and its visualization components.
This is precisely the sort of system that government critical infrastructure protection initiatives aim to secure.
The sophistication of the malware's creator is also evident in the code's apparent appropriation of a digital signature from a legitimate chip maker, Taiwan's RealTek Semiconductors, to help install malicious drivers.
About the Author
You May Also Like
Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024