Microsoft announced the discovery of a 0-day vulnerability in Windows Shell that bypasses all Windows 7 security mechanisms and doesn't require administrative rights to run. The vulnerability is caused by improper handling of shortcuts, and security researchers from Sophos warn the exploit can be used to infect Windows 7 systems with a rootkit. It's still unclear when Microsoft will plug this hole, in the meantime the software giants recommends to disabling icons for shortcuts and switching off the WebClient service to prevent attacks.
The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."
For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. However, Security Researcher Chester Wisniewski of Sophos, reports that Windows 2000 and Windows XP SP2 (both unsupported by Microsoft) are affected by the flaw.
