Windows .LNK Flaw Exploit

I posted a note last week about a new Windows security vulnerability, related to its processing of shortcut (.LNK) files.  The Internet Storm Center  [ISC]at SANS is now reporting that  code to implement an attack on this vulnerability has been published within the Metasploit  framework.

The ISC has raised its assessment of the overall Internet threat level from Green to Yellow.  (Who decides these colors, anyway?)   I think this is a potentially serious thret, because it requires so little in the way of user action to succeed.

Microsoft has not yet issued a patch for this, but there are some mitigation steps listed in its Security Advisory.

I’d expect Microsoft to issue a patch for this in its regular update in August.  If I discover anything further, I’ll post a follow-up note.

One Response to Windows .LNK Flaw Exploit

  1. […] vulnerability is documented in Microsoft Security Advisory 2286198.)  A few days later, there were reports of an exploit being published, and apparently some well-known malware sources have begun to include exploits for […]

%d bloggers like this: