Microsoft launches “Fix It” tool for Windows Shell’s .LNK Flaw

In an attempt to temporarily fix Windows Shell’s critical .LNK vulnerability, Microsoft updated its security advisory warning users of the flaw with the Tuesday release of an automated “Fix It” tool, which is apparently a stopgap until the company issues a patch.

The Windows Shell vulnerability results from a flawed mechanism that incorrectly parses shortcuts (links that are represented by icons and carry the .LNK extension), which leads to the execution of malicious code. Hackers have already used the flaw to execute malicious code remotely, with the help of infected USB drives, network shares and WebDAV.

To disable the shortcuts in Windows, IT professionals can implement a workaround, either by following the ‘disable shortcut’ steps manually or by using the recently released “Fix It” solution, which applies the workaround automatically.

With the shortcuts disabled, shortcut icons are displayed as ‘white’ default icons, which averts exploitation of the vulnerability in the case of malware attacks. However, disabling the shortcuts will have no impact on the system’s usability.

According to Microsoft, the “Fix It” workaround, which “disables .LNK and .PIF file functionality,” is applicable to Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 environments.