The Windows Shortcut Exploit, also known as CPLINK, is a zero-day vulnerability in all versions of Windows that allows a Windows shortcut link, known as a .lnk file, to run a malicious DLL file. The dangerous shortcut links can also be embedded on a website or hidden within documents.
The exploit triggers when you open a device, network share or WebDAV point carrying an infection. You don't need to click on anything, and it works even if you have AutoPlay and AutoRun disabled.
Until now there was no patch from Microsoft for this vulnerability, but Microsoft has now released an out-of-band security update to address it.
According to the Microsoft Security Bulletin, this security update resolves the vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
For users using automatic updates, this update will automatically be applied once it is released. Users not using automatic updates should download, test and deploy this update as quickly as possible.
Download Links:
- Windows XP SP3
- Windows XP Professional SP2 64-bit
- Windows Server 2003 SP2
- Windows Server 2003 SP2 64-bit
- Windows Server 2003 SP2 for Itanium-based Systems
- Windows Vista SP1 and SP2
- Windows Vista SP1 and SP2 64-bit
- Windows Server 2008
- Windows Server 2008 64-bit
- Windows Server 2008 for Itanium-based Systems
- Windows 7
- Windows 7 64-bit
- Windows Server 2008 R2 64-bit
- Windows Server 2008 R2 for Itanium-based Systems
This article was posted by VG in the following sections: Windows 7, Windows Vista, Windows XP.
Uewd
After I clicked on the download link: Windows Vista SP1 and SP2, a Microsoft page opened with the download details. I downloaded the file, but when I opened it a window appeared (Windows Update Standalone Installer); after about two seconds it gave me an error message: This update doesn't apply to your system.
What does this mean?
Uewd
Using my Vista PC I clicked on the download link: Windows Vista SP1 and SP2, a Microsoft page opened with the download details. I downloaded the file, but when I opened it a window appeared (Windows Update Standalone Installer); after about two seconds it gave me an error message: This update doesn't apply to your system.
What does this mean?
VG
^^ Do you have SP1 or SP2 installed in your system?
Uewd
My only OS is Vista Home Basic SP2
Uewd
I recently upgraded to Windows 7 Ultimate. I got this update via Windows Update and it succeeded in installation.