Shortcut Worm Vulnerability Affects All Windows Versions

Microsoft confirmed the existence of a critical vulnerability in all supported versions of Windows. The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files are allowed to execute code when the shortcut’s icon is loaded to the GUI. An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.

2 Comments

  1. 2010-07-21 4:26 am
    • 2010-07-21 10:15 am