Microsoft is arming Windows users with a new automated tool to help thwart exploits of a zero-day that has come under attack.
The bug, which lies in the Windows shell component of the operating system, exists because Windows parses shortcuts in a way that permits malicious code to be executed when the icon of a shortcut is displayed. In an update to an advisory first issued last week, the company added information about attack vectors, noting the bug can be exploited locally through an infected USB drive, remotely via network shares and WebDAV or through drive-by attacks from malicious sites.
To help block attacks, the company has released a “Fix it” tool to prevent shortcut icons from being displayed.
“This workaround will disable some icons from being displayed so we recommend administrators test this before deploying it wide,” blogged Christopher Budd, security response communications lead at Microsoft.
The company has also added information about a new workaround to the advisory on the issue, Budd noted. As an alternative fix, users can also block .LNK and .PIF files from downloading from the Internet, he wrote.
The “Fix it” tool requires a restart to work. Applying the fix will remove the graphical representation of icons on the Task and Start menu bars and replace them with white icons without the graphical representation of the icon, according to the company.
The vulnerability affects all versions of the operating system, including Windows XP Service Pack 2, which Microsoft recently stopped supporting.
The vulnerability was first uncovered by security firm VirusBlokAda, and has been linked to malware being used in targeted attacks.
“As always, we’ll update the security advisory and this blog with new information as it becomes available,” Budd wrote.
*UPDATE: This story was updated with new information from Microsoft.