Vulnerability in Windows Shell could allow remote code execution

Thanks to Paul Thurrott’s SuperSite for turning me on to a serious Windows vulnerability related to the same shell shared by “… all modern Windows versions from Windows XP through 7, including all Server versions…” There’s also a July 21, 2010 Microsoft Security Advisory (2286198) that explains this issue, and it’s probably worth reading, too.

Here’s the 10,000-foot view: a Belarusian security firm named VirusBlokAda reported its discovery on June 17 that Windows parses shortcuts in such a way as to enable malicious code to be executed when the icon for a specially crafted shortcut gets displayed (the code is attached to the icon image, so that processing the image for display also causes the attached code to run). Microsoft plans to issue a fix on the August Patch Tuesday (8/9/2010), but the Security Advisory includes a workaround that may be applied in the interim. Basically, it strips all shortcuts of their icons (no display, no possibility of running malicious code: get it?) so that users enjoy security from this vulnerability at the cost of little white boxes for shortcuts instead of pretty icons.

In testing the workaround on my Windows 7 x64 test machine, I also encountered the new Microsoft Fix It facility, which applied the patch (and gave me access to a reverse-the-fix tool as well). Pretty interesting stuff, and I expect to see it used more often as Microsoft steps up its proactivity in dealing with security glitches in advance of published updates, as in this case. Kewl!

As an aside, I personally hate shortcuts and always opt to keep them off my desktop in 99 out of 100 cases. Who knew that what I thought was an esthetic foible could turn out to be a best security practice?

1 comment

If you install the FixIt workaround available in KB2286198, even if you install the follow-on Security Update (MS10-046), you must still return to the KB article page, and then run the uninstall-the-patch FixIt program to get your icons back to normal on your desktop. Apparently MS didn't write code to check for that patch/hotfix application, nor did it choose to reverse the workaround as part of applying the follow-on update. Given that there was less than a week between workaround and long-term update, I guess you can't blame them. But man, I was disappointed when, after applying the latest out-of-band update, it didn't also restore my icons from the blank white page look to their original full-color glory. Just another day in the IT trenches, I guess! --Ed--