Skip to main content

Windows under attack

Microsoft said it is investigating reports of targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows.

The critical, unpatched vulnerability is being exploited through infected USB flash drives.

Microsoft said the vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut.

The vulnerability is most likely to be exploited through removable drives, Microsoft said.

"In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware," Dave Forstrom, a director in Microsoft's Trustworthy Computing group, bogged. Forstrom claimed the vulnerability was seeing "limited, targeted attacks,"

But Chester Wisniewski, a senior insecurity staffer at Sophos, called the threat "nasty".

He says: "This rootkit is particularly nasty as it infects all Windows versions since XP, and as you see here it bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run."

Wisniewski adds: "Noticeably absent from [Microsoft's list of affected software] are Windows 2000 and Windows XP SP2 as they are no longer supported. They are, however, definitely still vulnerable."

All supported versions of Windows are vulnerable, including Windows XP SP3, Vista, Server 2003, Windows 7, Server 2008 and Server 2008 R2. The newly-launched betas of Windows 7 SP1 and Server 2008 R2 SP1 are also risky.

Microsoft it is actively working with partners in its Microsoft Active Protections Program (MAPP) to provide broader protections to customers.