Forbidden Web

Jul 16, 2010 Microsoft Windows LNK Vulnerability
US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to improper handling of LNK files. Microsoft uses LNK files, commonly referred to as "shortcuts" as references to files or applications. By convincing a user to display a specially-crafted LNK file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user.

At this time, US-CERT is unaware of a practical solution to this problem but encourages users and administrators to consider implementing the following best practice security measures to help reduce the risks:
  • Disable AutoRun as described in Microsoft Support article 967715.
  • Implement the principle of least privilege as defined in the Microsoft TechNet Library.
  • Maintain up-to-date antivirus software.
Additional information can be found in the US-CERT Vulnerability Note VU#940193.

US-CERT will provide additional information as it becomes available.