All use of Secunia Advisories is for non-commercial use only. No use is permitted for commercial use. For further information, see the End User License Agreement or contact us. If you are an IT security professional, request a trial of the Secunia VIM.

 
Highly critical

Microsoft Windows Shell Shortcut Parsing Vulnerability

-

Release Date:  2010-07-17    Last Update:  2010-08-02    Views:  24,797

Secunia Advisory SA40647

Where:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Impact:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Solution Status:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Software:

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

CVE Reference(s):

Log in with your Secunia community profile. If you are an IT security professional, request a trial of the Secunia VIM.

Description


A vulnerability has been reported in Windows, which can be exploited by malicious people to compromise a user's system


Log in with your Secunia community profile to view the full description of this Advisory. If you are an IT security professional, request a trial of the Secunia VIM.

If you are not a member of the Secunia community, you can sign up here for free.

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Microsoft Windows Shell Shortcut Parsing Vulnerability

User Message
ProloSozz RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 24th Jul, 2010 12:23
Score: 2
Posts: 1
User Since: 24th Jul 2010
System Score: N/A
Location: CH
Last edited on 24th Jul, 2010 12:23
How about Windows 2000. Is it not listed as it is not affectet, or is it not listed as it is no longer supported (but could be affected as well)?
Was this reply relevant?
+2
-0
ddmarshall RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Dedicated Contributor 24th Jul, 2010 22:32
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It appears to affect all versions of Windows that support .lnk files for shortcuts. I think that will include Windows 2000. Microsoft probably won't issue patches for anything before XP SP3. You might be able to adapt the workarounds in the Security advisory.

http://www.sophos.com/security/topic/shortcut.html
http://www.microsoft.com/technet/security/advisory...
http://support.microsoft.com/kb/2286198

--
Was this reply relevant?
+5
-0
aniket_zpm RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 25th Jul, 2010 12:12
Score: 5
Posts: 7
User Since: 25th Jul 2010
System Score: N/A
Location: IN
Last edited on 25th Jul, 2010 12:14
Here are some resources to read more about this threat:

http://www.symantec.com/connect/blogs/w32stuxnet-n...
http://www.symantec.com/connect/blogs/distilling-w...
http://www.symantec.com/connect/blogs/hackers-behi...
http://www.symantec.com/connect/blogs/w32stuxnet-i...
http://www.symantec.com/connect/blogs/w32temphid-c...

I feel that the propagation method of this threat could be similar to Conficker.



--
Aniket Amdekar,
Was this reply relevant?
+3
-1
ddmarshall RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Dedicated Contributor 25th Jul, 2010 22:13
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Here is a list of the vulnerable systems: http://www.securityfocus.com/bid/41732/info . It appears Windows 2000 may not be vulnerable.

--
Was this reply relevant?
+1
-2
aniket_zpm RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 25th Jul, 2010 22:22
Score: 5
Posts: 7
User Since: 25th Jul 2010
System Score: N/A
Location: IN
Hi,

In many discussions over internet, its mentioned that even windows 2000 is prone to this vulnerability.



--
Aniket Amdekar,
Was this reply relevant?
+3
-1
ddmarshall RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Dedicated Contributor 26th Jul, 2010 00:26
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Yes. It looks like it is. The Microsoft Encyclopaedia entry for the worm associated with the vulnerability says it adapts for the different filenams used in Windows 2000.
https://www.microsoft.com/security/portal/Threat/E...

--
Was this reply relevant?
+2
-0
Quitch RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 26th Jul, 2010 01:02
Score: 5
Posts: 53
User Since: 17th Apr 2008
System Score: 99%
Location: UK
(unknown source)
How about Windows 2000. Is it not listed as it is not affectet, or is it not listed as it is no longer supported (but could be affected as well)?


As Windows 2000 is no longer supported, expect it to no longer be mentioned for vulnerabilities which do affect it.
Was this reply relevant?
+2
-0

aniket_zpm

RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.

aniket_zpm

RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
[+]
This reply has been minimised due to a negative Relevancy Score.
aniket_zpm RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 27th Jul, 2010 20:24
Score: 5
Posts: 7
User Since: 25th Jul 2010
System Score: N/A
Location: IN
Last edited on 27th Jul, 2010 20:24


--
Aniket Amdekar,
Was this reply relevant?
+5
-1
aniket_zpm RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 31st Jul, 2010 20:31
Score: 5
Posts: 7
User Since: 25th Jul 2010
System Score: N/A
Location: IN
Yesterday, Microsoft has announced plans to release an Out of Band Patch Release to address Microsoft Security Advisory 2286198 on Monday, August 2, 2010 at or around 10 AM PDT.

In the past few days, there has been an increase in attempts to exploit this vulnerability by multiple malware families. The signatures of most of the AV Vendors are able to detect these variants.

--
Aniket Amdekar,
Was this reply relevant?
+1
-0
rosbif73 RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Member 10th Aug, 2010 16:21
Score: 0
Posts: 1
User Since: 29th May 2010
System Score: N/A
Location: N/A
Last edited on 10th Aug, 2010 16:21
Even after installing the KB2286198 patch via Windows Update, PSI still reports XP as vulnerable to this advisory. Any ideas why?
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Windows Shell Shortcut Parsing Vulnerability
Expert Contributor 10th Aug, 2010 16:41
Score: 2495
Posts: 3,386
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 10th Aug, 2010 16:43
@rosbif73 ,

As a new poster , you may not be aware that this thread in this "vulnerabilities" sub-forum is open for specific technical discussion of the SA and the disclosed vulnerability .

Your problem relates to the PSI and a specific M$ KB patch problem on your system .

I suggest you create your own thread (see left hand column of this website page) and repost your problem in either the "PSI" or "Open Discussion" sub-forum , if you still need advice .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.