| ||Thread Tools|
|20th July 2010, 23:39||#1|
Join Date: May 2002
New Windows Shortcut zero-day exploit confirmed
Reports have been circulating for a few weeks about a new attack being targeted at certain Windows users that used USB memory sticks to propagate. More details have now emerged, including confirmation from Microsoft that a new flaw exists and is being exploited.
The attack uses specially crafted shortcut (.lnk) files, which trick Windows into running code of an attacker's choosing. Any Windows application that tries to display the shortcut's icon—including Explorer—will cause exploitation, so even the mere act of browsing a directory with the malicious shortcuts is sufficient for a system to be exploited. Analysis suggests that the shortcuts are not improperly formed; rather they depend on a flaw in the way that Windows handles shortcuts to Control Panel icons.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch||jmke||WebNews||0||14th April 2009 19:47|
|Microsoft Security Bulletin Summary for September 2008||jmke||WebNews||0||9th September 2008 20:20|
|Microsoft Security Bulletin Summary for August 2007||jmke||WebNews||0||14th August 2007 23:21|
|Microsoft Security Bulletin Summary for June 2006||jmke||WebNews||0||14th June 2006 21:51|
|List of fixes included in Windows XP Service Pack 2||jmke||WebNews||1||17th August 2004 16:03|