Kingsoft security expert comprehensively resolves Microsoft's lnk Vulnerability

Recently, information related to Microsoft's lnk Vulnerability (Shortcut Vulnerability) has been disclosed, because the use of this vulnerability to spread malware has a significant feature of "getting at a glance, immediately attract high attention from security vendors. Li tiejun, Kingsoft drug overlord antivirus expert, was invited to give a wide range of netizens a comprehensive explanation of Microsoft's lnk vulnerability, reminding the public to take necessary preventive measures as soon as possible.

What is Microsoft lnk Vulnerability (Shortcut Vulnerability?

When we start a program on a computer, we usually double-click the program shortcut first, and then start the corresponding program by the shortcut. The shortcut extension is lnk. The lnk files are mostly stored in the Quick Start bar of various program groups on the desktop, Start Menu, and taskbar.

In Windows, to display these beautiful icons in shortcuts, a task is assigned to Shell32.dll to parse the shortcut icons. In the parsing process of Shell32.dll, the files are parsed one by one using the "shortcut" File Format: first find the file path pointed to by the shortcut, and then find the icon resource that the shortcut depends on. In this way, you can see various beautiful icons on the Windows desktop and Start Menu. When you click these shortcuts, the corresponding applications will be executed.

Microsoft's Lnk vulnerability exploits the system parsing mechanism. Attackers maliciously construct a special Lnk (shortcut) file and carefully construct a string of program code to cheat the operating system. When Shell32.dll parses the code string, it determines that the "shortcut" depends on a system control (dll file), so it loads the "System Control" into the memory for execution. If the system control is a virus, Windows activates the virus when parsing the lnk file.

Why is Microsoft's lnk vulnerability so dangerous?

1. The most prominent feature of this vulnerability is that it is "getting at a glance". Dangerous programs run automatically without manual execution;

2. Machines with vulnerabilities are everywhere. Before Microsoft provides repair patches, almost all computers have vulnerabilities, which are potential targets of hacker attacks;

3. For a long time, no such serious system vulnerabilities can be used for attacks and the defense system is relatively weak. For example, because Kingsoft network security is very powerful in defending against webpage Trojans, there is almost no need to worry about browser component vulnerabilities. At the same time, because of the superior performance of Windows built-in firewall or third-party firewall, system vulnerabilities that can be used to initiate remote attacks and spread worms are basically controllable. However, Microsoft's lnk vulnerability has almost no good defense measures at this stage.

How does a virus exploit the Microsoft lnk Vulnerability (Shortcut Vulnerability) to spread?

Microsoft's Lnk Vulnerability (A Shortcut Vulnerability) has a very good trigger feature. One sentence is to say, "poisoning at a glance ". The virus transmitter will carefully construct a special lnk file and a virus file called by lnk. These files can be copied and disseminated through USB flash drives, mobile hard disks, and digital memory cards. You can also package the virus files in a compressed package of a normal program. When a virus is copied to or extracted to the target location and you use some Resource Manager software to access these folders, the virus program will be executed immediately without any other operations.

If the virus is stored in USB memory, most computers that have enabled the USB flash drive's automatic operation function can insert a USB flash drive to run the virus at the same time. If such a file exists in the shared files in the LAN, it will be immediately poisoned if normal computers access these shared folders.

This lnk file runs automatically, providing a rare opportunity for virus propagation. Kingsoft drug overlord security lab believes that more and more viruses will exploit the lnk Vulnerability (Shortcut Vulnerability.

Which users will be affected by Microsoft's lnk vulnerability?

Microsoft announced that all operating systems (including Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 versions) after Windows XP are affected. In China, there are about 2-3 million such computers.

How long does Microsoft lnk vulnerability harm last?

This vulnerability was discovered on July 15, July 16. By the next Microsoft routine vulnerability repair Day, there will be 2-3 weeks. However, it takes time for users to install patches. Many computers do not need to be patched.

According to the analysis by Kingsoft drug overlord Security laboratory, there are a large number of pirated Windows in China. These Pirated Windows may appear abnormal after being patched, and users may reject the patch.

These factors may cause many computers to be at risk from lnk vulnerabilities (shortcut vulnerabilities) for a long time.

How can we prevent the harm caused by Microsoft's lnk vulnerability?

1. Install the Windows Patch. After Microsoft officially updates, users must immediately install patches using Kingsoft guard (www.ijinshan.com) or Windows Update.

2. temporary solution: Install Kingsoft network security and obtain immunity against Microsoft lnk Vulnerability (Shortcut Vulnerability) after the upgrade.

3. Install Kingsoft drug overlord 2011 security package (www.duba.net), check the files stored in the USB flash disk, and promptly clean up the virus in the USB flash disk.

4. The network management should strengthen the management of LAN sharing permissions, disable uncontrolled full sharing, and prevent virus files from spreading in LAN shared folders.