CERT mailing list archives

Current Activity - Microsoft Windows LNK Vulnerability

From: Current Activity <us-cert () us-cert gov>
Date: Fri, 16 Jul 2010 10:17:28 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Microsoft Windows LNK Vulnerability

Original release date: July 16, 2010 at 10:08 am
Last revised: July 16, 2010 at 10:08 am


US-CERT is aware of a vulnerability affecting Microsoft Windows. This
vulnerability is due to improper handling of LNK files. Microsoft uses
LNK files, commonly referred to as "shortcuts" as references to files
or applications. By convincing a user to display a specially-crafted
LNK file, an attacker may be able to execute arbitrary code with the
privileges of the user. Depending on the operating system and
AutoRun/AutoPlay configuration, exploitation can occur without any
interaction from the user.

At this time, US-CERT is unaware of a practical solution to this
problem but encourages users and administrators to consider
implementing the following best practice security measures to help
reduce the risks:
  * Disable AutoRun as described in Microsoft Support article 967715.
  * Implement the principle of least privilege as defined in the
    Microsoft TechNet Library.
  * Maintain up-to-date antivirus software.

Additional information can be found in the US-CERT Vulnerability Note
VU#940193.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://support.microsoft.com/kb/967715>

<http://technet.microsoft.com/en-us/library/bb456992.aspx>

<http://www.kb.cert.org/vuls/id/940193>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_windows_lnk_vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTEBp6D6pPKYJORa3AQIOrAf/d/ckqqX1F1wh03+0L0HOfwSMbCaEVKG+
wO9DU+uSNne+B1jb/iMrsOlW9K7uit2J8LV1TCt3TECMT4wA4ath19nBM6qVDvaY
huvSnI+fmSUU8HtavgXzBPcYwP80Zu5JQD0g3+Kr9+dcU0532F1INkD3yGT8tYHj
5WybFoalX7jKyon72uZbJeGBDj8aGZjJzWVcMGGcmPnxhJhTQrOswUR0BF3uoE37
64+CVv7XyRtNFBWuIfsq+7hQdMBiyLiYThu6aIp8LPm2OouZIVbU/6kin0Fgw5Ld
Vt978XgK+Adr1/tnKfyIq+ofWZrregiIfh6UYXaCnZNeDLjd/UjZDQ==
=E9UD
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Microsoft Windows LNK Vulnerability Current Activity (Jul 16)
- <Possible follow-ups>
- Current Activity - Microsoft Windows LNK Vulnerability Current Activity (Jul 19)