And one more notch on: Microsoft announced several days ago that another vulnerability a Windowsacquis was identified (sensational!) And were immediately taken steps to "training of" it.
Flaw was discovered in Windows Shell (Component Windows OS) And most likely allow the remote execution of malicious code (So far only limited attacks have been reported and targetATE).
What is the new vulnerability in? Windows?
Incorrect analysis shortcuturilor. If Windowsit displays the icon of a special shortcut prepared by the attackers can execute malicious code through it. Vulnerability can be exploited localBy internmediul a USB driveor remote, via Network sharing sites and by WebDAV (Extensions http allowing editing and file management through remote servers). Also exploitLinks may be included in various types of files that support fixing / embeduirea of shortcuts.
For still working on a update Security to solve the problem of Windows Shell, Microsoft has made it available to users Windows o temporary solution in Fix It Center.
Enable workaround | Disable workaround |
---|---|
Fix this problem
|
Fix this problem
|
Note: Applying this temporary solution will replace the graphic representation of the icons in the Taskbar and Start Menu with simple, white icons.
For those who prefer to solve the problem alone, can do using Registry Editor (Before using this method is necessary to perform a backup of the registryIn order to repair changes made when it is released security patch):
- open regedit (Start Menu-> Search-> regedit->Enter) and navigate to the key HKEY_CLASSES_ROOTlnkfileshellexIconHandler. in the right pane, delete the value entry Default.
- navigate to key HKEY_CLASSES_ROOTpifffileshellexIconHandler and delete the value entry Default in the right pane, then close regedit
To reset values default of registers change, it is enough to import in regedit the backup made before the changes are made, then restart the computer. Or you can navigate again to the registries above, and enter the entries Default the amount {00021401-0000-0000-C000-000000000046} (Valid for both inputs).
Note: Versions of Windows in which we encounter this vulnerability are the following:
- Microsoft Windows XP Service Pack 3, when used with:
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows 2003 Server Service Pack 2, when used with:
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, EnterEdition socket (32-bit x86)
- Microsoft Windows 2003 Server, Standard Edition (32-bit x86)
- Windows Vista Service Pack 1, when used with:
- Windows Vista Business
- Windows Vista Entertaking
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Starter View
- Windows Vista Ultimate
- Windows Vista Service Pack 2, when used with:
- Windows Vista Business
- Windows Vista Entertaking
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Starter View
- Windows Vista Ultimate
- Windows 2008 Server Service Pack 2, when used with:
- Windows Server 2008 Datacenter
- Windows server 2008 Entertaking
- Windows 2008 Standard Server
- Windows 7 Entertaking
- Windows 7 Home Basic
- Windows 7 Home Premium
- Windows 7 Professional
- Windows 7 Starter
- Windows 7 Ultimate
- Windows Server 2008 R2 Datacenter
- Windows Server 2008 R2 Entertaking
- Windows 2008 R2 Standard Server