newsbot
17-07-2010, 10:14 PM
Microsoft has released Security Advisory 2286198 (http://www.microsoft.com/technet/security/advisory/2286198.mspx), which provides details on the LNK shortcut (Windows Shell) vulnerability that's currently being exploited by the Stuxnet rootkit (http://www.f-secure.com/weblog/archives/00001987.html).
The news is not good.
Besides USB devices, the Windows Shell vulnerability can also be exploited via Windows file shares and WebDav.
All versions of Windows are affected:
http://www.f-secure.com/weblog/archives/microsoft_advisory_2286198.png
Vulnerable versions include Windows XP Service Pack 2 which is not listed by the advisory due to its recent end-of-support status (http://www.f-secure.com/weblog/archives/00001984.html).
If there's to be no patch for SP2, users will need to implement the suggested workarounds:
• Disable the displaying of icons for shortcuts
• Disable the WebClient service
See Microsoft's Security Advisory (http://www.microsoft.com/technet/security/advisory/2286198.mspx) for details. On 17/07/10 At 10:04 AM
**Hidden Content: Check the thread to see hidden data.**
The news is not good.
Besides USB devices, the Windows Shell vulnerability can also be exploited via Windows file shares and WebDav.
All versions of Windows are affected:
http://www.f-secure.com/weblog/archives/microsoft_advisory_2286198.png
Vulnerable versions include Windows XP Service Pack 2 which is not listed by the advisory due to its recent end-of-support status (http://www.f-secure.com/weblog/archives/00001984.html).
If there's to be no patch for SP2, users will need to implement the suggested workarounds:
• Disable the displaying of icons for shortcuts
• Disable the WebClient service
See Microsoft's Security Advisory (http://www.microsoft.com/technet/security/advisory/2286198.mspx) for details. On 17/07/10 At 10:04 AM
**Hidden Content: Check the thread to see hidden data.**