Well, I wanted to have my first blog post of the week be about a different topic, but since this is breaking news, I’m going to post about it.
There has been a new vulnerability discovered, and reported by Microsoft as of July 16th with security advisory number 2286198. It affects all Windows operating systems (XP, Vista, 7, and correlating service packs), and the source code is already publicly available. The worry is that this will start to experience wide-spread usage within the next few weeks by malware writers.
What It Does
When we browse the file system in Windows, it shows icons for each file/shortcut/directory, and these can be customized. This malicious code is hiding in the simple viewing (not even running the shortcut) of the shortcut’s icon containing the malicious code. The malware utilizing this exploit can spread via infected USB thumb drives and the usual unintentional downloading of trojan horses and the like.
How to Protect Against It
Follow Microsoft’s instructions for not displaying shortcut icons. Microsoft’s temporary fix can be found with their security advisory number 2286198 (see the Workarounds and Mitigating Factors sections).
My Original Source
I found out about this issue through Trend Micro’s CounterMeasures blog post about the situation.
Follow the workarounds described by Microsoft in their security advisory and hope that they can push out their fix by Patch Tuesday in August (closest planned patch date).