DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 28, 2016 
Main Menu
News archives

Who's Online
There are currently 89 people online.


Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin

Follow us

Critical flaw found in Windows Shell

Posted on Monday, July 19 2010 @ 18:30:09 CEST by

Microsoft announced the discovery of a 0-day vulnerability in Windows Shell that bypasses all Windows 7 security mechanisms and doesn't require administrative rights to run. The vulnerability is caused by improper handling of shortcuts, and security researchers from Sophos warn the exploit can be used to infect Windows 7 systems with a rootkit. It's still unclear when Microsoft will plug this hole, in the meantime the software giants recommends to disabling icons for shortcuts and switching off the WebClient service to prevent attacks.
The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."

For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. However, Security Researcher Chester Wisniewski of Sophos, reports that Windows 2000 and Windows XP SP2 (both unsupported by Microsoft) are affected by the flaw.

Source: NeoWin



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba