Blog Details

  • Home
  • Windows Shell Vulnerability

At the back end of last week a major security flaw was found in all currently supported versions of Windows whereby potential malware could be executed on your PC via Shortcut Files, Internet Favourites, USB Memory Sticks, Network Shares and WebDAV Folders.

Microsoft has confirmed the flaw does exist and is as serious as first reported:

https://www.microsoft.com/technet/security/advisory/2286198.mspx

There is currently no fix available and it is quite likely that Microsoft will release an out of cycle fix once one it is available, however they have release a “Fix it” that should workaround the problem for now:

https://support.microsoft.com/kb/2286198

The workaround does however disable icons on all affected files, so all shortcuts in your Start Menu, on your Desktop, in Favourites, etc will show as just a blank white icon.

Icon Picture from Microsoft 

 Start Menu Picture from Microsoft

Understandably this workaround could be quite annoying, so, the choice is yours, functionality or security, until a proper fix is released. It is also worth mentioning however that this workaround can be disabled again using another “Fix it” on the same page (above) if you find it too annoying.

On the flip side, the vulnerability is pretty serious and does not even need you to execute the shortcut file / internet favourite, just simply opening a folder with it in could be enough!

As usual, you use any of the information here at your own risk. We are not responsible for any issues relating to this blog. Existing customers can of course contact us on the Helpdesk. If you are not a customer and require any assistance though please feel free to contact us about our IT Support.

Acknowlegement to Steve Gibson and TWiT

Leave Comment