Security Market Segment LS
Thursday, 22 July 2010 09:33

Microsoft's Fix It for Stuxnet vulnerability


Microsoft has released a temporary fix for a Windows Shell vulnerability that is being exploited by the Stuxnet malware.

Earlier this month, Microsoft warned of real-world attacks exploiting a vulnerability in Windows Shell that allowed the execution of code during the display of a maliciously crafted shortcut's icon.

The issue can be exploited via USB drives, network shares, and WebDAV. It does not use the AutoPlay feature.

Microsoft has suggested three workarounds while a permanent fix was being developed: a registry change that disables the display of shortcut icons, disabling the WebClient service, and using a network firewall or similar to block the download of LNK and PIF files from the Internet.

The vulnerability is being exploited in conjunction with the Stuxnet malware, which is now blocked by most, if not all, security products.

Microsoft has now released an automated 'Fix It' to suppress the display of shortcut icons. The Fix It works on Windows XP, Vista, Windows 7, Server 2003, and Server 2008.

The Fix It is not without its problems - see page 2.

A disadvantage of this workaround is that it results in the display of generic icons in the Task bar and the Start menu, which many users would find disconcerting.

According to Symantec, Stuxnet is a high-quality rootkit initially seen most commonly in India, Indonesia and Iran. Part of its function appears to be to access SCADA (supervisory control and data acquisition - ie, industrial control) systems, leading to suggestions that the motivation might have been commercial or state-sponsored espionage, or terrorism.



As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments