
Attackers target Windows Shell zero-day via USB sticks

SearchSecurity.com Staff

A new zero-day vulnerability in Microsoft's graphical user interface is being targeted by attackers using USB sticks and other removable drives.

Microsoft issued a security advisory late Friday warning users of limited, targeted attacks against Windows Shell, the main Windows GUI that organizes the desktop and file system. The attacks work on virtually all versions of Windows and could enable a cybercriminal to take complete control of a victim's machine.

The attack targets the way Windows parses shortcut icons on a user's system. Microsoft said disabling AutoPlay makes it more difficult for the attack to work. As a workaround, the software giant suggests disabling the display of icons for shortcuts so end users cannot view and click on them.

In addition, the attack can be carried out remotely through network shares or remote WebDAV shares. Microsoft said disabling the WebClient service blocks attackers from using the WebDAV client service to exploit the vulnerability.
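To check a host against two of the mitigations named above (AutoPlay disabled, WebClient service disabled), an administrator could run an audit like the following. This is an added example, not code from the article or from Microsoft's advisory; the function name is hypothetical, and the `NoDriveTypeAutoRun` policy location is the standard Windows one, which the article does not name.

```powershell
# Added example: audits the AutoPlay and WebClient mitigations described above.
# Assumptions: PowerShell 5.0+ (for the StartType property) and the standard
# Windows AutoPlay policy value NoDriveTypeAutoRun; neither is named in the article.
function Test-ShellShortcutMitigations {
    [CmdletBinding()]
    param()

    $results = @()

    # 1. WebClient service: disabling it blocks the WebDAV vector.
    $svc = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $results += [pscustomobject]@{
            Check = 'WebClient service'; State = 'Not installed'; Mitigated = $true
        }
    } else {
        $results += [pscustomobject]@{
            Check     = 'WebClient service'
            State     = "$($svc.StartType) / $($svc.Status)"
            # Disabled but still running leaves the vector open until the service stops.
            Mitigated = ($svc.StartType -eq 'Disabled' -and $svc.Status -eq 'Stopped')
        }
    }

    # 2. AutoPlay policy: machine-wide setting first, then the per-user setting.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $value = (Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $results += [pscustomobject]@{
            Check     = "AutoPlay policy ($($key.Substring(0, 4)))"
            State     = if ($null -eq $value) { 'Not set' } else { '0x{0:X2}' -f $value }
            # 0xFF turns AutoPlay off for every drive type, removable and network included.
            Mitigated = ($value -eq 0xFF)
        }
    }

    $results
}

Test-ShellShortcutMitigations | Format-Table -AutoSize
```

A passing AutoPlay row only reflects the "more difficult" mitigation the article describes; it does not cover the shortcut-icon workaround.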

Researchers at VirusBlokAda, an antivirus vendor based in Belarus, detected new malware in June on USB drives that attempted to exploit the vulnerability. The malware installs two drivers designed to make the malware undetectable, the company said.

"You just have to open infected USB storage device using Microsoft Explorer or any other file manager which can display icons … to infect your operating system and allow execution of the malware," wrote Sergey Ulasen of VirusBlokAda.

