
Tuesday, April 12, 2011

Microsoft Releases Out-of-Band Security Update to Address Windows Shortcut Exploit aka CPLINK

The Windows Shortcut Exploit, also known as CPLINK, is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link, known as an .lnk file, to run a malicious DLL file. The dangerous shortcut links can also be embedded on a website or hidden within documents. The exploit works when you open a device, network share or WebDAV point carrying an infection—you don't need to click on anything for the exploit to work, even if you have AutoPlay and AutoRun disabled.
Until now there was no patch from Microsoft for this exploit, but Microsoft has now released an out-of-band security update to address it.
According to the Microsoft Security Bulletin, this security update resolves the vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
For users using automatic updates, this update will automatically be applied once it is released. Users not using automatic updates should download, test and deploy this update as quickly as possible.
Download Links:
