And one more on the raboj: Microsoft announced a few days ago that another Windows vulnerability was identified (sensational!) and immediately measures were taken to "train" it.

Bresa was discovered in Windows Shell (component Windows OS) and most likely allows the execution of malicious codes remotely (so far only limited and targeted attacks have been reported).

What is the new vulnerability in Windows?

Incorrect analysis of shortcuts. If Windows displays the icon of a shortcut specially prepared by the attackers, they they can execute malicious code through it. Vulnerability can be operated locally, through the medium of a USB drive, or remote, through network shares and through WebDAV (extensions http which allow editing and managing files through remote servers). Also, exploit-s can also be included in various types of files that it supports pinning/embedding shortcuts.

Because they are still working on one Security update which will solve this problem from Windows Shell, Microsoft has made available to Windows users a temporary solution in Fix It Center.

 

Enable workaround	Disable workaround
Fix this problem Microsoft Fix it 50486	Fix this problem Microsoft Fix it 50487

Note: Applying this temporary solution will replace the graphic representation of the Taskbar and Start Menu icons with simple, white icons.

For those who prefer to solve the problem themselves, they can do it using the register editor (before using this method it is necessary to perform a back-up of the registers, to be able to fix the changes made when it will be launched security patch):

• open regedit (Start Menu->Search->regedit->Enter) and navigate to the key HKEY_CLASSES_ROOTlnkfileshellexIconHandler. in the right panel, delete the input value Default.
• navigate to the key HKEY_CLASSES_ROOTpiffileshellexIconHandler and delete the input value Default from the right panel, then close regedit

In order to reset the default values ​​of the registers modified, it is enough to imported in regedit the backup made before the changes are made, then restart the computer. Or you can navigate again to the registries above, and enter the entries Default the value {00021401-0000-0000-C000-000000000046} (valid for both entries).

Note: The Windows versions in which we encounter this vulnerability are the following:

• Microsoft Windows XP Service Pack 3, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
• Microsoft Windows Server 2003 Service Pack 2, when used with:
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Windows Vista Service Pack 1, when used with:
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Starter
  • Windows Vista Ultimate
• Windows Vista Service Pack 2, when used with:
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Starter
  • Windows Vista Ultimate
• Windows Server 2008 Service Pack 2, when used with:
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
• Windows 7 Enterprise
• Windows 7 Home Basic
• Windows 7 Home Premium
• Windows 7 Professional
• Windows 7 Starter
• Windows 7 Ultimate
• Windows Server 2008 R2 Datacenter
• Windows Server 2008 R2 Enterprise
• Windows Server 2008 R2 Standard