A new zero-day vulnerability in Microsoft's graphical user interface is being targeted by attackers using USB sticks and other removable drives.
Microsoft issued a security advisory late Friday warning users of limited, targeted attacks against Windows Shell, the main Windows GUI that organizes the desktop and file system. The attacks work on virtually all versions of Windows and could enable a cybercriminal to take complete control of a victim's machine.
The attack targets the way Windows parses shortcut icons on a user's system. Microsoft said disabling AutoPlay makes it more difficult for the attack to work. As a workaround, the software giant suggests disabling the display of icons for shortcuts so end-users cannot view and click on shortcuts.
In addition, the attack can be carried out remotely through network shares or remote WebDAV shares. Microsoft said disabling the WebClient service blocks attackers from using the WebDAV client service to exploit the vulnerability.
Researchers at VirusBlokAda, an antivirus vendor based in Belarus, detected new malware in June on USB drives that attempted to exploit the vulnerability. The malware installs two drivers designed to make the malware undetectable, the company said.
"You just have to open infected USB storage device using Microsoft Explorer or any other file manager which can display icons … to infect your operating system and allow execution of the malware," wrote Sergey Ulasen of VirusBlokAda.