Microsoft warns of "Remote Code Execution vulnerability in Windows Shell" via MSA (2286198)

Microsoft notifies about the "security vulnerability in Windows Shell." Microsoft said "this vulnerability is most likely to be exploited through removable drives. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when user clicks the displayed icon of a specially crafted shortcut. For systems that've AutoPlay […]

Microsoft notifies about the "security vulnerability in Windows Shell." Microsoft said "this vulnerability is most likely to be exploited through removable drives. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when user clicks the displayed icon of a specially crafted shortcut. For systems that've AutoPlay disabled, customers would need to manually browse to root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled."

Customers should be aware that signatures in up-to-date versions of Microsoft Security Essentials, Forefront Client Security, Windows Live OneCare, Forefront Threat Management Gateway, and Windows Live Safety Platform protect customers against the "Stuxnet malware".

For mitigations and tested workarounds refer to Security Advisory 2286198.

[Source]