You are here

HomeBrandon Dimmel › Experts Fear Windows Shortcut Flaw to be Widespread

Experts Fear Windows Shortcut Flaw to be Widespread

Dennis Faas's picture
by Brandon Dimmel on July, 23 2010 at 08:07AM EDT

A serious security flaw affecting Windows shortcuts could pose a significant risk to critical global infrastructure, says a new report from security research firm Sophos. Power grids and manufacturing plants could soon be targeted by a flaw that researchers say has already been exploited by hackers.

"Early versions of the malware have been programmed to seek out SCADA software (Supervisory Control And Data Acquisition) by Siemens Corporation, which is used in managing industrial infrastructures, such as power grids and manufacturing plants," said Sophos.

Security Firms Fear Growing Threat

Siemens was the initial target of the flaw, which is associated with .LNK file extensions and which was at first exploited by infected USB memory drives. Security experts now fear other avenues could be used to infect the systems of common PC users as well as commercial and government targets.

"The threat from the exploit is high as all a user has to do is open a device or folder -- without clicking any icons -- and the exploit will automatically run," noted Sophos senior technology consultant, Graham Cluley. "With an additional variant of the malware already on the loose, the potential for this exploit to become more widespread is growing rapidly." (Source: guardian.co.uk)

Microsoft's Response Criticized

One big problem with the flaw is that it affects all versions of Windows, including Windows 7.  "As the result, we believe most environments will be exposed until Microsoft releases a patch," said Internet Storm Center's Lenny Zeltser.

Some technology blogs are angry about both the flaw and Microsoft's response, a somewhat inconvenient "Fix It" workaround that disables icons in Windows. "If this gaffer tape approach to security patches becomes the norm at Microsoft, perhaps a better and more permanent solution to Windows' insecurities will be to remove it altogether," wrote The Register's Lawrence Latif, on Thursday. (Source: theinquirer.net)

Download and Apply Windows Shortcut Flaw Temporary Fix

The fix is available via Microsoft's website. Once the temporary fix is applied, all shortcut icon images will be replaced by a blank square. An example is included in the link below.

http://support.microsoft.com/kb/2286198

Filed under:
Business
,
Microsoft
| Tags:
flaw
,
microsoft
,
security
,
windows
,
fix
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.