On Friday, July 16, a vulnerability was identified in Windows Shell that affects all Windows Operating Systems. The Security Advisory is available at http://www.microsoft.com/technet/security/advisory/2286198.mspx
General Information
Executive Summary
Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.
Microsoft is currently working to develop a security update for Windows to address this vulnerability.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Update, July 21: Microsoft has released a 'Fix it'. It can be downloaded from http://support.microsoft.com/kb/2286198
NOTE: Applying the Fix it removes the graphical representation of icons on the taskbar and Start menu and replaces them with plain white icons.
Before applying the Fix it, icons on the desktop will look like:
After applying the Fix it, icons will change to the following on the taskbar: