Microsoft implemented the “Fix It” tool in an attempt to temporarily plug the security hole and prevent existing attacks that are already exploiting the vulnerability by disabling some icons from being displayed linked to shortcut files.

A shortcut is a link, represented by an icon and connected with the LNK extension, that connects a user to a specific file or program, intended to keep frequently accessed files in an easy-to-reach location. Disabling the shortcut icons would subsequently display icons as ‘white” default icons, and prevent malware from exploiting the vulnerability in attacks, although it wouldn’t impact usability.

All you need to do is open a device/network share/WebDav point that has a malicious shortcut, and the vulnerability is exploited! It will run whatever code you program it to run. It is really simple to exploit. Any criminal with basic skills can take advantage of this flaw. We have not seen much activity in the wild yet, but now that a proof of concept has been posted on the web it most likely will become a major issue in the near future.

Looking for answers to your Computer Forensics FAQ? Ask Computer Forensics questions and get answers at ComputerForensicsFAQ.com!