
New zero-day "shortcut worm" vulnerability affects all versions of Windows

F-Secure advises companies to establish a USB Device Policy and to migrate from Windows XP Service Pack 2 as soon as possible.

Helsinki, Finland – July 20, 2010: Microsoft published Security Advisory 2286198 on Friday of last week, confirming the existence of a critical vulnerability in all supported versions of Windows. The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files can execute code when Windows loads the shortcut's icon for display. An exploit targeting this vulnerability is currently in limited use, and additional exploits are very likely in the coming weeks.

The shortcut vulnerability was discovered during investigation of the Stuxnet rootkit, which has been used in targeted attacks aimed at Siemens SCADA systems. Such systems are used for supervisory control and data acquisition in industrial facilities such as power plants. The shortcut file used in this case is detected as Exploit:W32/WormLink.A.

The situation is now more critical because a publicly available proof of concept was posted to several exploit database sites over the weekend. Proof-of-concept exploit code is now in the wild, and F-Secure fully expects virus writers to utilize this method of attack in the near future.

Sean Sullivan, Security Advisor at F-Secure, says, “This shortcut worm is very dangerous and the seriousness of the situation will increase until Microsoft releases a fix. And because Microsoft Windows XP Service Pack 2 is no longer supported, even the fix won't fully resolve the issue. This is a major concern as F-Secure’s research shows that SP2 is still being used by many organizations.”

F-Secure strongly recommends that companies and organizations migrate to Windows XP Service Pack 3 as soon as possible, or implement Microsoft's suggested workarounds.

Additionally, organizations need to create or review their USB device policy. “This danger can be mitigated with best practices. If a company doesn't have a security policy regarding USB devices, they're at risk. Those that do have a policy should review it and make sure that it's being followed. And this is time critical as summer vacation season is approaching,” says Sullivan.

F-Secure Security Lab is continuing its research into the “shortcut worm” and the latest news will be available at our blog http://www.f-secure.com/weblog/


F-Secure – Protecting the irreplaceable
While you concentrate on what is important to you, we make sure you are protected and safe online, whether you are using a computer or a smartphone. We also back up your important files and enable you to share them. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | facebook.com/f-secure

Media contact
Sandra Proske
Tel. +49 176 700 366 64
E-mail: firstname.lastname@f-secure.com