With the release of Security Advisory 2286198, Microsoft expected to resolve a zero-day flaw that can be exploited by clicking a shortcut icon. However, security researchers are now questioning that, since exploit code is publicly available. When the flaw is exploited, the system can be compromised or malicious code can be run without any additional user intervention. In addition, UAC and Windows 7 security controls can be circumvented.
Explaining how the flaw can be exploited, Microsoft said, "This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the affected folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled."
According to Microsoft's workaround, one should disable the WebClient service and the display of icons for all shortcuts to prevent exploitation via WebDAV. However, these workarounds can severely affect Windows operating systems and the productivity of organizations that depend on SharePoint. Chet Wisniewski, a Sophos security researcher, offers an alternative temporary fix. "My advice is that if you have a controlled Windows deployment you will likely know where your users are executing software that is approved. In this case you can simply create a GPO that defines where software is allowed to run and if that does not include network shares this will provide you an equivalent level of protection without the nastiness of making all your icons turn into white sheets," he said. Analysts expect Microsoft to issue an out-of-band update soon.
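The following PowerShell script is an added example, not code from the article, from Microsoft or from Sophos. It audits a host for the two mitigation points discussed above: whether the WebClient (WebDAV) service is stopped and disabled, as in Microsoft's workaround, and whether a Software Restriction Policy is configured in whitelist mode, which is the mechanism a "GPO that defines where software is allowed to run" would use. It assumes an elevated PowerShell session and that Software Restriction Policy settings live under the `Safer\CodeIdentifiers` registry key (a standard Windows location, but not one the article names). The shortcut icon handler change from Microsoft's workaround is deliberately not scripted here.

```powershell
# Added example (not from the article, Microsoft or Sophos): audit and, on request,
# apply the WebClient-service mitigation discussed in the article.
# Assumptions: elevated session; SRP settings stored under the Safer\CodeIdentifiers key.

function Get-WebClientState {
    # Microsoft's workaround: the WebClient (WebDAV) service should be stopped and disabled.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if (-not $svc) { return [pscustomobject]@{ Present = $false; Mitigated = $true } }
    # StartMode is not exposed by Get-Service on older hosts, so read it from WMI.
    $start = (Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'").StartMode
    [pscustomobject]@{
        Present   = $true
        Status    = $svc.Status
        StartMode = $start
        Mitigated = ($svc.Status -eq 'Stopped' -and $start -eq 'Disabled')
    }
}

function Disable-WebClientService {
    # Applies Microsoft's workaround. As the article notes, this also breaks WebDAV-based
    # access such as SharePoint document libraries opened as folders.
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled
}

function Get-SoftwareRestrictionState {
    # Wisniewski's alternative: a policy limiting where executables may run.
    # Assumed registry location for Software Restriction Policies.
    # DefaultLevel 0 = Disallowed (whitelist mode), 0x40000 = Unrestricted.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) { return [pscustomobject]@{ Configured = $false; WhitelistMode = $false } }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Configured    = $true
        DefaultLevel  = ('0x{0:X}' -f $p.DefaultLevel)
        WhitelistMode = ($p.DefaultLevel -eq 0)
    }
}

# Report both mitigation points; apply the service change only when asked.
param([switch]$Apply)
Get-WebClientState
Get-SoftwareRestrictionState
if ($Apply) { Disable-WebClientService; Get-WebClientState }
```

Run it without arguments to see whether either mitigation is already in place; a host where `Mitigated` and `WhitelistMode` are both `False` has neither protection. The path rules themselves (which directories are allowed, and that network shares are not) belong in the GPO, as the quoted advice describes; the script only reports whether such a policy exists and whether its default level is "Disallowed".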