Windows Enterprise Desktop

Jul 29 2010   4:10PM GMT

Vulnerability in Windows Shell could allow remote code execution

Ed Tittel

Thanks to Paul Thurrott’s SuperSite for turning me on to a serious Windows vulnerability related to the same shell shared by “… all modern Windows versions from Windows XP through 7, including all Server versions…” There’s also a July 21, 2010 Microsoft Security Advisory (2286198) that explains this issue, and it’s probably worth reading, too.

Here’s the 10,000-foot view: a Belarusian security firm named VirusBlokAda reported its discovery on June 17 that Windows parses shortcuts in such a way as to enable malicious code to be executed when the icon for a specially-crafted shortcut gets displayed (the code is attached to the icon image, so that processing the image for display also causes the attached code to run). Microsoft plans to issue a fix on the August Patch Tuesday (8/9/2010), but the Security Advisory includes a workaround that may be applied in the interim. Basically, it strips all shortcuts of their icons (no display, no possibility of running malicious code: get it?) so that users enjoy security from this vulnerability at the cost of little white boxes for shortcuts instead of pretty icons.

In testing the workaround on my Windows 7 x64 test machine, I also encountered the new Microsoft Fix It facility, which applied the patch (and gave me access to a reverse-the-fix tool as well). Pretty interesting stuff, and I expect to see it used more often as Microsoft steps up its proactivity in dealing with security glitches in advance of published updates, as in this case. Kewl!

As an aside, I personally hate shortcuts and always opt to keep them off my desktop in 99 out of 100 cases. Who knew that what I thought was an esthetic foible could turn out to be a best security practice?

1  Comment on this Post

 
  • Ed Tittel
    If you install the FixIt workaround available in KB2286198, even if you install the follow-on Security Update (MS 10-046), you must still return to the KB article page, and then run the uninstall-the-patch FixIt program to get your icons back to normal on your desktop. Apparently MS didn't write code to check for that patch/hotfix application, nor did it choose to reverse the workaround as part of applying the follow-on update. Given that there was less than a week between workaround and long-term update, I guess you can't blame them. But man, I was disappointed when, after applying the latest out-of-band update, it didn't also restore my icons from the blank white page look to their original full-color glory. Just another day in the IT trenches, I guess! --Ed--