There is a reported vulnerability in Microsoft Windows that allows for code execution by simply viewing the location of a .LNK file with Windows Explorer or other file manager that can display icons. This is because Windows fails to properly obtain icons for LNK files and automatically executes code that is specified in the specially-crafted shortcut file. Viewing the location of a LNK file with Windows Explorer is sufficient to trigger the vulnerability. An attacker will most likely exploit this vulnerability via infected USB thumb drive/hard drive.
There is currently no patch available from Microsoft and this vulnerability exists in **ALL** versions of Microsoft Windows (Windows XP, Server 2003, Vista, Server 2008, Windows 7, etc...).
A) Disable the displaying of icons for shortcuts:
1. Click Start, click Run, type Regedit in the Open box, and then click OK
2. Locate and then click the following registry key:
3. Click the File menu and select Export
4. In the Export Registry File dialog box, enter LNK_Icon_Backup.reg and click Save
Note: This will create a backup of this registry key in the My Documents folder by default.
5. Select the value (Default) on the right hand window in the Registry Editor. Press Enter to edit the value of the key. Remove the value, so that the value is blank, and press Enter.
6. Restart explorer.exe or restart the computer.
B) Disable the WebClient service (if possible)
1. Start -> Run -> Services.msc
2. Right click on WebClient and select Properties
3. Change Startup type to Disabled. If the service is running, click Stop.
4. Click OK and exit services.
C) Disable autorun
Disable autorun will increase the amount of user interaction that is required to trigger this vulnerability, but it does not block this vulnerability, however.
For more information on how to disable autorun, please visit this Microsoft article: http://support.microsoft.com/kb/967715
D) Use least privilege
Whenever possible, log in and run programs as normal user and not as an administrator to limit the impact of this and other vulnerabilities.
For more information, please visit:
We will keep you posted as to when a patch is available from Microsoft.