Microsoft released a temporary "Fixit" workaround on Tuesday, to protect Windows users against a critical unpatched Windows Shell vulnerability.
Microsoft issued a security bulletin on Friday to warn customers of a 0-day exploit involving the Windows Shell. The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."
On Tuesday the software giant issued a Fixit solution for customers, to help prevent attacks attempting to exploit this vulnerability. Applying the fixit will remove the graphical representation of icons on the Task bar and Start menu bar and replace them with white icons without the graphical representation of the icon.
Before:
After:
For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. However, unsupported versions of Windows 2000 and Windows XP SP2 are also affected by the flaw. Applying Microsoft's Fixit will prevent the vulnerability from being exploited.
Microsoft is still investigating reports of limited, targeted attacks. The company's next patch Tuesday isn't scheduled until August 10 but an out of band security update has not been ruled out.
31 Comments - Add comment