Microsoft delivers temporary fix for critical Windows flaw

Microsoft released a temporary "Fixit" workaround on Tuesday to protect Windows users against a critical unpatched Windows Shell vulnerability.

Microsoft issued a security bulletin on Friday to warn customers of a 0-day exploit involving the Windows Shell. The vulnerability is caused by an error in Windows Shell when parsing shortcuts (.lnk): certain parameters of the .lnk are not properly validated on load. The flaw can be exploited to execute a program automatically via a specially crafted shortcut. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."

On Tuesday the software giant issued a Fixit solution for customers to help prevent attacks attempting to exploit this vulnerability. Applying the Fixit removes the graphical representation of icons on the Task bar and Start menu bar and replaces them with plain white icons.

[Images: icons before and after applying the Fixit]

For the exploit to succeed, a user must insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. The unsupported Windows 2000 and Windows XP SP2 are also affected by the flaw. Applying Microsoft's Fixit will prevent the vulnerability from being exploited.

Microsoft is still investigating reports of limited, targeted attacks. The company's next Patch Tuesday isn't scheduled until August 10, but an out-of-band security update has not been ruled out.

31 Comments

Fix for missing icon. I recently reinstalled a program to find a missing taskbar icon. I checked the properties of the shortcut: the "start in folder" has double quotes twice. After removing the one quote the icon is fixed.

Surely most AV companies are on top of this now...

Still if you know you are being targeted (or are a potential target) this should probably be used until the patch is released.

KavazovAngel said,
Why do people make such a big deal out of this?

they like being pedantic.

Hmm, seems similar to the bug in Windows Millennium where viewing a specially crafted icon would cause a BSOD... I still have that somewhere.

KavazovAngel said,
Why do people make such a big deal out of this?

Well for one, it's a critical exploit, and in a business setting there is a need to plug it.

cork1958 said,
No thanks.

I'll leave things as they are.

Why would anyone execute a specially crafted icon anyway?


No need to execute, just display. Can come in a pen, a compressed folder, WebDAV shares...

The inability to SIMPLY disable removable media auto-play is yet another Microsoft blunder. All the machines I configure ALWAYS have the reg hack to TOTALLY disable FFFF'ing autoplay. When will Microsoft learn? Pick the bones out of this...


Windows Registry Editor Version 5.00

;=============================================================
;Effectively disabling AutoRun
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
;============================================================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
;***"AutoRun"=dword:00000001 Enable autorun
"AutoRun"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;***"NoDriveTypeAutoRun"=dword:00000091 Default
;***"NoDriveTypeAutoRun"=dword:000000b5 Default (Also disables CD Autorun)
;***"NoDriveTypeAutoRun"=dword:000000FF (Disables all drives)
"NoDriveTypeAutoRun"=dword:000000FF
"NoStartBanner"=hex:01,00,00,00
"NoDriveAutoRun"=hex:ff,ff,ff,03

;"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;***"NoDriveTypeAutoRun"=dword:00000091 Default
;***"NoDriveTypeAutoRun"=dword:000000b5 Default (Also disables CD Autorun)
"NoDriveTypeAutoRun"=dword:00000091

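Added example (not part of the comment above or of Microsoft's advisory): a Python decoder for the NoDriveTypeAutoRun values in that .reg file, using the drive-type bit layout Microsoft documents for this value; the function names are illustrative. It shows that the 0x91 value left under HKEY_USERS\.DEFAULT still allows AutoRun on removable and CD-ROM drives. Per the article, disabling AutoPlay changes how the shortcut flaw is reached (browsing the media instead of inserting it), so this audit complements the Fixit and does not replace it.

```python
import re

# Bit layout of NoDriveTypeAutoRun: a set bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=dword:([0-9a-fA-F]{8})$')

# Excerpt of the .reg file quoted in the comment above (active lines plus one
# commented-out alternative, which the parser must ignore).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
;***"NoDriveTypeAutoRun"=dword:00000091 Default
"NoDriveTypeAutoRun"=dword:000000FF
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

def disabled_types(mask):
    """Drive types for which this mask turns AutoRun off."""
    return [name for bit, name in DRIVE_BITS.items() if mask & bit]

def enabled_types(mask):
    """Drive types for which AutoRun is still allowed under this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def audit(reg_text):
    """Return {registry key: (mask, drive types where AutoRun is still enabled)}."""
    results, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and commented-out settings
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if match and key:
            mask = int(match.group(1), 16)
            results[key] = (mask, enabled_types(mask))
    return results

if __name__ == "__main__":
    for key, (mask, enabled) in audit(SAMPLE_REG).items():
        hive = key.split("\\", 1)[0]
        print(f"{hive}: 0x{mask:02X} AutoRun still enabled for: {enabled or 'none'}")
```
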
boho said,
The inability to SIMPLY disable removable media auto-play is yet another Microsoft blunder. All the machines I configure ALWAYS have the reg hack to TOTALLY disable FFFF'ing autoplay. When will Microsoft learn?

This is not a problem of AutoRun. It's enough to place such a file on a desktop, for example (imagine you've got a zip with a DLL and an LNK inside). And then you are infected.

crap.... the IT guys just pushed the update and now all my icons are showing up as default.....

meh... now the quicklaunch is useless....

Ok. So a badly formed .LNK on a USB stick can exploit a hole.

How will this bad .LNK file magically appear on my USB sticks to begin with?

Thank goodness it's not a remote exploit. The "fix" is a joke imo, breaking taskbar icons. A multi-billion dollar company like MS can only provide a stupid "fix" like this, poor.

Ricky65 said,
Thank goodness it's not a remote exploit. The "fix" is a joke imo, breaking taskbar icons. A multi-billion dollar company like MS can only provide a stupid "fix" like this, poor.

It's temporary?

GreyWolf said,

It's temporary?

Even if it's temporary, the icons are the only thing used to distinguish applications in the taskbar (by default on Win7)

Rudy said,
Even if it's temporary, the icons are the only thing used to distinguish applications in the taskbar (by default on Win7)

While it's ugly they still have tooltips.

Rudy said,
Even if it's temporary, the icons are the only thing used to distinguish applications in the taskbar (by default on Win7)

You can provide your own fix. Just make sure your shortcuts go where they are supposed to go. If they don't, remove them.

I would rather keep removable media away from my machine, than loose my taskbar icons. I am sure a less draconian fix will come on Tuesday!

martinDTanderson said,
I would rather keep removable media away from my machine, than loose my taskbar icons. I am sure a less draconian fix will come on Tuesday!

I barely use removable media with my machine in the first place. The only thing that plugs in is either one of my phones or my camera. For everything else, there's plenty of online storage and Windows Live Sync.

martinDTanderson said,
I would rather keep removable media away from my machine, than loose my taskbar icons. I am sure a less draconian fix will come on Tuesday!

As do I... I think I'll keep the icons, thanks all the same.

UzEE said,

I barely use removable media with my machine in the first place. The only thing that plugs in is either one of my phones or my camera. For everything else, there's plenty of online storage and Windows Live Sync.

I use removable storage, but it isn't just any removable storage. It is the stuff that has a dodgy origin...

martinDTanderson said,
I would rather keep removable media away from my machine, than loose my taskbar icons. I am sure a less draconian fix will come on Tuesday!

Icons are neither loose nor tight.

/l-o-s-e