Security vendor F-Secure has criticised the wording used in a Microsoft security advisory relating to a shortcut vulnerability in Windows.
F-Security posted a blog update which drew attention to the "proof of concept" code for an unpatched Windows shortcut vulnerability. The vulnerability means that shortcuts (.lnk files) can contain malicious code which cab be used to create viruses spread via USB drives for example.
The exploit means that just inserting USB stick and browsing the contents of a drive can execute the code, no clicking is required. Microsoft's security advisory had said: "For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled."
F-Secure took issue with the wording in this advisory because Windows 7 does indeed have AutoPlay enabled by default. This results in a dialog offering choices when a drive is inserted, clicking on browse contents would enable the attack. It seems likely Microsoft confused AutoPlay and AutoRun as F-Secure point out.
"Ordinarily we wouldn't pick these small nits with Microsoft but we think this is particularly important as it's the advisory that provides official information for those assessing risk to their organizations," said F-Secure.
Advertisement
Related Stories
- Over half of UK companies infected by malware Feb 13th 2012 at 11:57AM
- Microsoft gets heavy on educational pricing Feb 13th 2012 at 5:54AM
- Windows 8 'consumer preview' at the end of February Feb 9th 2012 at 7:36AM
- Microsoft gets stingy with Technet Feb 6th 2012 at 7:11AM
- Microsoft UK pricing could rise Feb 3rd 2012 at 12:06PM
- Microsoft Windows Phone 8 details emerge Feb 3rd 2012 at 6:49AM
- Google describes 'Bouncer' Android anti-malware system Feb 3rd 2012 at 6:41AM
- Apple OS X updates released Feb 2nd 2012 at 5:44AM
- Symantec tells users to disable PCAnywhere Jan 27th 2012 at 7:10AM
- Windows 8 wireless networking improvements Jan 23rd 2012 at 5:38AM
Follow Follow this article if you would like to receive notifications of updates.
Add a new comment
You need to be logged in to post comments. If you do not have an account then please register.
Comments
0 comments
There are no comments yet, be the first to add one!