Vulnerability in Windows Shell
On July 16, 2010, Microsoft released Advisory 2286198 which stated that Microsoft is investigating reports of targeted attacks exploiting the way Windows displays icons of shortcut (.lnk) files.
Browsing a folder that contains a maliciously crafted Windows shortcut can allow an attacker to run code at the level of the logged on user. This can compromise a user's computer regardless of the location of the malicious file. This can be a local folder on the hard drive, a USB attached drive, a mapped drive, or a drive connected via WebDAV. Devices and drives that are shared by a large number of users present a greater risk than devices used by a single user.
This affects all supported versions of Microsoft Windows.
Before the Microsoft advisory was published, this attack was only used in very limited instances. After the announcement of the vulnerability by security researchers, easy methods of crafting malicious .lnk files have appeared on the Internet and we expect use of the this attack vector to increase.
On August 2, 2010, Microsoft released an out of band (outside the normal patch schedule) bulletin, MS10-046 to address the underlying vulnerability. This patch is considered critical on all supported Windows Operating Systems and should be applied as soon as possible.
Limit exposure to possibly malicious shortcut files by disabling the Autorun functionality in Windows. Instructions for this can be found on the Microsoft web site in KB article 967715.
Run up-to-date antivirus software. Symantec stated that Symantec Endpoint Protection has b