Windows Shortcut Flaw To Get Patch on Monday

Microsoft plans to release a patch on Monday, Aug. 2, for a zero-day Windows shell vulnerability that can spread malware through shortcut files.

The company released an advance notice today about the out-of-band security bulletin to come, describing it as a "critical" patch for all supported Windows systems. Critical security bulletins address "a vulnerability whose exploitation could allow the propagation of an Internet worm without user action," according to Microsoft's definition.

Today's advance notice also indicated it was critical to patch Windows XP Professional x64 Service Pack 2. Microsoft ended patch support for Windows XP SP2 on July 13, so it seems a patch will not arrive for this unsupported operating system. Users of this OS have to seek custom support from Microsoft if they can't move off it.

The Windows Shell exploit uses shortcuts to programs on the Windows desktop, which are enabled by .LNK files. Typically, the exploit is distributed through the use of infected USB drives, but users don't have to click on the shortcuts for the malware to spread. The infected shortcut files drop malware in Windows systems.

In a blog post, Microsoft explained that it has completed the necessary testing to release the patch, which is needed to battle a growth in Windows Shell exploits. Attacks have increased since Microsoft announced a security advisory about the Windows Shell flaw on July 16.

Earlier, Microsoft had associated the exploit with the Stuxnet worm, and later with the Chymine family of trojan droppers. Microsoft is now saying that the "highly virulent" Sality.AT malware dropper has taken the lead in exploiting the Windows Shell flaw. Since Sality.AT is active in Brazil, that country has seen a greater number of attacks trying to exploit the flaw.

Some software security firms, such as Sophos and G Data, have offered free workaround tools, but the tools apparently do not remove existing contaminations that might reside on a user's desktop. For that, users need antivirus software that can detect the malware. Microsoft also recommends a "Fix it" workaround that disables shortcuts.

The out-of-band patch for the Windows Shell vulnerability will be arriving shortly before Microsoft's August security update. That update is scheduled to appear on Aug. 10, which will be "Patch Tuesday" for the month.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

