Windows Shortcut Exploit, also known as CPLINK, is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link, known as an .lnk file, to run a malicious DLL file. The dangerous shortcut links can also be embedded on a website or hidden within documents.
The exploit works when you open a device, network share or WebDAV point carrying an infection. You don't need to click on anything for the exploit to work, and it works even if you have AutoPlay and AutoRun disabled.
Initially there was no patch from Microsoft for this vulnerability, but Microsoft has now released an out-of-band security update to address it.
According to the Microsoft Security Bulletin, this security update resolves the vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
For users using automatic updates, this update will automatically be applied once it is released. Users not using automatic updates should download, test and deploy this update as quickly as possible.
- Windows XP SP3
- Windows XP Professional SP2 64-bit
- Windows Server 2003 SP2
- Windows Server 2003 SP2 64-bit
- Windows Server 2003 SP2 for Itanium-based Systems
- Windows Vista SP1 and SP2
- Windows Vista SP1 and SP2 64-bit
- Windows Server 2008
- Windows Server 2008 64-bit
- Windows Server 2008 for Itanium-based Systems
- Windows 7
- Windows 7 64-bit
- Windows Server 2008 R2 64-bit
- Windows Server 2008 R2 for Itanium-based Systems