Microsoft has warned its users of a Windows bug that could open the door to a damaging set of attacks. The Windows Shell flaw affects several popular and still widely used versions of the operating system. Microsoft has suggested a handful of workarounds that could block the flaw from being exploited. Security experts, on the other hand, say a patch is what’s really needed, and quickly.
Microsoft (NASDAQ: MSFT) distributed a security advisory about the Windows Shell flaw on Friday. Security experts fear that it may lead to widespread attacks. The vulnerability is attacked through the Windows shortcut icons displayed on users’ computer screens. It can be exploited through removable drives or over computer networks. Microsoft has suggested some workarounds, but security experts have shown that these workarounds have problems of their own.
What is the Windows Shell Flaw?
In Windows 95 and its successors, the Windows Shell is explorer.exe. It resides in the Windows folder or in one of its subfolders, such as System32. It displays the icons on the user’s desktop, the taskbar, the Start Menu and the file browser, and it launches other programs on request. For example, the shell launches Microsoft Word when the user clicks the Word icon on the desktop.
The icon used for an application is a link to it, more popularly known as a shortcut. Shortcuts are implemented as files with a distinct .LNK extension. In some cases the Windows Shell does not correctly validate specific parameters of a shortcut when trying to load it. This is the vulnerability that exists in the shell. Microsoft said Security Advisory 2286198 was released to the public this Friday.
Attackers who exploit the vulnerability could run arbitrary code on a victim’s system. If the user has administrative rights, an attacker might be able to take over the system fully and obtain full user rights, which would allow him or her to install programs, view, change or delete data, or even create new accounts.
The Exploitation of this Flaw
This vulnerability exists in every version of Windows. It can be exploited by a worm that ESET has named “Win32/Stuxnet.” Stuxnet uses .LNK files placed on USB drives that automatically execute malware as soon as the operating system on the user’s PC reads the files.
The first thing it does is inject a “backdoor worm,” widely known as “Win32/Stuxnet A,” onto the victim’s personal computer. It then proceeds to install two Trojans on that PC. The first, “Win32/Stuxnet A,” works by hiding the presence of the .LNK files. The second, “Win32/Stuxnet B,” injects previously encrypted data blobs, files with the .tmp extension, into memory. These serve different purposes, such as .LNK files, drivers and the propagation files that are capable of spreading the worm.
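A defender's triage for the removable-drive scenario above, as an added example that is not code from Microsoft, ESET or the original article: it walks a mounted volume and reports every file that is named .LNK or carries a shell link header, using the header size and class identifier from Microsoft's published [MS-SHLLINK] format. The file names and the directory built in `demo()` are constructed sample data.

```python
import struct
import tempfile
from pathlib import Path

# Constants from the published Shell Link (.LNK) binary format, [MS-SHLLINK].
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01   # shortcut carries a shell item ID list target
HAS_ICON_LOCATION = 0x40         # shortcut names an explicit icon source

def parse_lnk_header(data):
    """Return the LinkFlags value, or None if data is not a shell link header."""
    if len(data) < HEADER_SIZE:
        return None
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return None
    return flags

def triage_volume(root):
    """List (relative path, verdict, LinkFlags) for shortcut-like files under root."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            flags = parse_lnk_header(fh.read(HEADER_SIZE))
        named_lnk = path.suffix.lower() == ".lnk"
        if flags is None and not named_lnk:
            continue                      # ordinary file, not reported
        if flags is None:
            verdict = "malformed"         # .lnk name, header fails validation
        elif named_lnk:
            verdict = "shortcut"
        else:
            verdict = "mismatch"          # shortcut content under another extension
        findings.append((path.relative_to(root).as_posix(), verdict, flags))
    return findings

def demo():
    """Run the triage over a constructed directory standing in for a USB volume."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID,
                         HAS_LINK_TARGET_ID_LIST | HAS_ICON_LOCATION).ljust(HEADER_SIZE, b"\0")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.txt").write_bytes(b"plain text")   # constructed samples
        (root / "tools.lnk").write_bytes(header)
        (root / "broken.lnk").write_bytes(b"not a link")
        (root / "data.bin").write_bytes(header)
        return triage_volume(root)
```

Because one Stuxnet component described above hides the .LNK files on an infected PC, run the scan against the drive from a known-clean system. A hit is an inventory item to review, not a verdict that the shortcut is malicious.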
As of now, Microsoft is working on solving the problem, according to Jerry Bryant, one of the group managers at the software giant. Microsoft will provide a security update for the vulnerability described in Security Advisory 2286198. The timeline for this release has yet to be determined. In the meantime, Microsoft is continuing to look into mitigations and workarounds.