Windows Shell attacked

Microsoft released a security advisory, which addresses a publicly reported vulnerability in Windows Shell. The company has seen limited, targeted attacks on this vulnerability.

The software giant is investigating reports of exploiting the hole. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled.

In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware.

While Microsoft continues its investigation of the issue, it recommends that customers follow the guidance provided in Security Advisory 2286198.

Source: Microsoft.