New 'Windows Shortcut Flaw' High Risk, Affects All Users

Dennis Faas's picture

A new Windows zero-day flaw has gone public. Known as the "Windows Shortcut flaw", the exploit affects all versions of Microsoft Windows. What's important to note is that merely opening or viewing an infected USB stick can infect a computer -- even on systems where Windows Autoplay is disabled.

The flaw affects files which have the file extension .LNK, otherwise known as a "Windows Shortcut" file. Shortcut files are essentially copies of program icons and tell Windows where the original program is located.

For example, normally one would have to click Start -> Programs -> Accessories to access the Windows Calculator, but if its icon was dragged from the Start menu to the Windows desktop, this would make a shortcut of the program directly accessible via the desktop. It is these types of shortcut files that are used in the exploit.

Industrial Attack Targets Common Windows Users

The Windows Shortcut exploit first made headlines last week, when the W32/Stuxnet-B worm used infected USB memory sticks to attack Siemens industrial automation systems. (Source:

Reacting to the threat, the SANS Institute's Internet Storm Centre designated the flaw with its yellow alert status -- the first time that threat level has been reached in several years.

According to Internet Storm Centre's Lenny Zeltser, widespread infections may be inevitable. "We believe wide-scale exploitation is only a matter of time," Zeltser said. (Source:

Flaw Difficult to Detect; Microsoft Scrambles for Fix

Microsoft has admitted it's aware of the issue and has published several workarounds. Its main challenge is developing a patch as soon as possible for the next Patch Tuesday in early August. Experts aren't sure if it will make that date.

Zeltser believes the complexity of the flaw and its availability to the public make for a perfect storm of activity surrounding the vulnerability.

"The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch. Furthermore, anti-virus tools' ability to detect generic versions of the exploit have not been very effective so far," he said.

Rate this article: 
No votes yet