F-Secure Warns Of Critical Vulnerability In All Versions Of Windows

Microsoft published a Security Advisory 2286198 confirming the existence of a critical vulnerability in all supported versions of Windows. The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares.

The shortcut vulnerability was discovered during investigation of the Stuxnet rootkit which has been used in targeted attacks aimed at Siemens SCADA systems. Such systems are used for supervisory control and data acquisition in industrial facilities such as power plants. The shortcut file used in this case is detected as Exploit: W32/WormLink.A.

The situation is now more critical because a publicly available proof of concept was posted to several exploit database sites over the weekend. Proof of concept exploit code is now in-the-wild and F-Secure fully expects virus writers to utilise this method of attack in the near future.

“This shortcut worm is very dangerous and the seriousness of the situation will increase until Microsoft releases a fix. And because Microsoft Windows XP Service Pack 2 is no longer supported, even the fix won’t fully resolve the issue. This is a major concern as F-Secure’s research shows that SP2 is still being used by many organisations,” said Sean Sullivan, Security Advisor at F-Secure.

F-Secure strongly recommend that companies and organisations migrate to Windows XP Service Pack 3 as soon as possible, or implement Microsoft’s suggested workarounds.

Additionally, organisations need to create or review their USB device policy. “This danger can be mitigated with best practices. If a company doesn’t have a security policy regarding USB devices, they’re at risk. Those that do have a policy should review it and make sure that it’s being followed. And this time is critical as summer vacation season is approaching,” said Sullivan.