Attackers target Windows Shell zero-day via USB sticks

A new Microsoft advisory warns users about targeted attacks against a new Windows Shell zero-day vulnerability.

A new zero-day vulnerability in Microsoft's graphical user interface is being targeted by attackers using USB sticks and other removable drives.

Microsoft issued a security advisory late Friday warning users of limited, targeted attacks against Windows Shell, the main Windows GUI that organizes the desktop and file system. The attacks work on virtually all versions of Windows and could enable a cybercriminal to take complete control of a victim's machine.

The attack targets the way Windows parses shortcut icons on a user's system. Microsoft said disabling AutoPlay makes it more difficult for the attack to work. As a workaround, the software giant suggests disabling the display of icons for shortcuts so that end users cannot view and click on shortcuts.

In addition, the attack can be carried out remotely through network shares or remote WebDAV shares. Microsoft said disabling the WebClient service blocks attackers from using the WebDAV client service to exploit the vulnerability.
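For administrators who want to check where a machine stands on two of the settings named above, the following PowerShell sketch reports the state of the WebClient service and the machine-wide AutoPlay policy, and applies both settings when asked. It is an added example, not code from Microsoft's advisory or from the original article; the function name `Test-ShortcutMitigations` and its `-Remediate` switch are this example's own, and it assumes an elevated prompt on PowerShell 3.0 or later.

```powershell
# Added example: audit, and optionally apply, two mitigations from the article.
# Assumptions: elevated prompt, PowerShell 3.0+; function and switch names are hypothetical.
function Test-ShortcutMitigations {
    param([switch]$Remediate)

    $result = [ordered]@{ Computer = $env:COMPUTERNAME }

    # WebClient is the service behind the WebDAV client. It can be absent
    # (for example on some server installs), so treat "not found" as a state.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $result.WebClient = 'NotInstalled'
    } else {
        if ($Remediate) {
            Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
            Set-Service  -Name WebClient -StartupType Disabled
        }
        $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
        $result.WebClient = '{0} / StartMode={1}' -f $wmi.State, $wmi.StartMode
    }

    # AutoPlay policy: NoDriveTypeAutoRun is a bitmask of drive types;
    # 0xFF turns AutoPlay off for every type. Only the machine-wide policy
    # is checked here; a per-user policy under HKCU is not inspected.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $mask = if ($prop) { $prop.NoDriveTypeAutoRun } else { $null }

    if ($Remediate -and $mask -ne 0xFF) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        $mask = 0xFF
    }

    $result.AutoPlay = if ($null -eq $mask) {
        'NotConfigured (Windows default applies)'
    } elseif (($mask -band 0xFF) -eq 0xFF) {
        'Disabled for all drive types'
    } else {
        'Partially enabled (mask 0x{0:X2})' -f $mask
    }

    [pscustomobject]$result
}

# Report only; add -Remediate to apply both settings.
Test-ShortcutMitigations | Format-List
```

As the advisory itself notes, disabling AutoPlay only makes the attack more difficult; a clean report on both settings does not mean the underlying shortcut-parsing flaw is fixed.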

Researchers at VirusBlokAda, an antivirus vendor based in Belarus, detected new malware in June on USB drives that attempted to exploit the vulnerability. The malware installs two drivers designed to make the malware undetectable, the company said.

"You just have to open infected USB storage device using Microsoft Explorer or any other file manager which can display icons … to infect your operating system and allow execution of the malware," wrote Sergey Ulasen of VirusBlokAda.
