Microsoft released a new Security Advisory (2286198) last Friday affecting the Windows operating system. A vulnerability exists in the way the Windows parses shortcuts that could lead to remote code execution. The most likely attack vector is through removable drives, although network shares could also play a part.
Even though this is a zero-day exploit with limited attacks, I am not expecting Microsoft to go out-of-band and patch this before the next patch Tuesday in August. This vulnerability affects all supported operating systems as well as the beta service packs for Windows 7 and Windows 2008. It is important to note that Windows XP SP2 is not listed as an affected product even though the operating system / service pack level is vulnerable. This product reached end of life support last patch day.
Microsoft’s advisory page has a few workarounds posted that can help mitigate the risk with this vulnerability. If you choose to apply these workarounds, it is important to unapply these workarounds as soon as the patch is available.
- Jason Miller