Panda Security CIO calls latest Windows zero-day flaw 'scary' – suggests Microsoft workaround is essential

23 July 2010

On July 16, Microsoft admitted its latest zero-day flaw, explaining that the vulnerability exists because Windows incorrectly parses shortcuts, so that malware can be executed when a shortcut icon is merely displayed, not clicked through. Panda Security's CIO Luis Corrons has described the flaw as scary.

Writing in his security blog, Corrons says this effectively means that "any folder you open with a .lnk file (you know, those nice shortcuts we all have in our desktop) can execute a file without asking for permission".

"Yes, scary, I know", he said.

The main problem, says Corrons, is that this is not a vulnerability per se, but a feature.

"And it is included in all Windows versions, even those that are not supported anymore. And as it has to be fixed in each and every version of Windows, it will take more time to develop and test the patch", he explained.

According to the Panda Security CIO, Microsoft already had a workaround, and has now published a user-friendly version of the solution.

One of the side effects when applying the patch, he says, is that you will 'lose' the image of some of your icons.

"Well, this doesn't look nice but it is better than being infected. And, at least, you can see what it is when you put the mouse pointer over it", he said.

"So now, please, everybody using Windows has to apply the workaround, it is mandatory, as it is a matter of time to start seeing new malware using this technique to spread infections worldwide", he added.

 
