Microsoft Launches 'Fix It' Tool For .LNK Flaw


Microsoft updated a security advisory warning users of a critical .LNK vulnerability with an automated "Fix It" tool that serves as a stopgap until the company issues a patch.

Microsoft implemented the "Fix It" tool in an attempt to temporarily plug the security hole and prevent existing attacks that are already exploiting the vulnerability. The tool works by disabling the display of some icons linked to shortcut files.

A shortcut is a link, represented by an icon and carrying the .LNK extension, that connects a user to a specific file or program and is intended to keep frequently accessed files in an easy-to-reach location. With the shortcut icons disabled, Windows would display them as "white" default icons, which would prevent malware from exploiting the vulnerability in attacks, although it wouldn't impact usability.

The Fix It solution will require a restart to effectively block attacks, Microsoft said in an updated advisory Tuesday.

Microsoft also issued a workaround in its updated advisory that included blocking downloads of .LNK and .PIF files, which can be transferred over WebDAV.

Microsoft warned users last week of a critical flaw in the Windows Shell, a Windows component. The flaw occurs in the way that Windows parses shortcut files and has already enabled hackers to execute malicious code remotely via infected USB drives, network shares and WebDAV.

During an attack, a hacker could create and circulate a virus on a removable media drive containing the malicious shortcut file. Malware would then be executed on users' computers once they opened the drive in Windows Explorer, or another application that parses shortcut files. An attacker could also embed exploit code in a malicious Web site or remote network share, which would automatically infect users in drive-by download attacks, according to Microsoft.

An attacker could also embed an exploit in a document that supports shortcuts or a hosted browser control, such as any number of Microsoft Office documents.

Once the flaw is exploited, hackers could run malicious code that could incorporate a user's computer into a giant botnet and install malicious software designed to steal sensitive information.

The vulnerability affects numerous Windows platforms, including Windows Vista and fully patched Windows 7 systems.

The workaround provides a temporary fix until Microsoft issues a patch, either in a regularly scheduled update cycle or out-of-band, that plugs the hole for good.