New Windows OS malware found out

The advisory notes that vulnerability occurs because "Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed." They warn that the vulnerability is most likely to be exploited through removable drives. They reassure that customers who have systems that have the AutoPlay function disabled need to manually browse to the affected folder of the removable disk in order for the vulnerability to be exploited. Further, Windows 7 systems have AutoPlay functionality for removable disks automatically disabled. Meanwhile, Microsoft is working on a security update for Windows to address this vulnerability.

Microsoft says that Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008 are affected.

Stuxnet malware

Belorussian antivirus company VirusBlokAda reported that malicious software called the Stuxnet malware has been circulating since June to take advantage of this vulnerability. The malware uses .lnk files placed on USB drives to execute malicious code when the Windows OS reads the .lnk file.

Microsoft's Malware Protection Center blog explains that "In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction."

To mitigate the risk of compromise, Microsoft recommend the workaround of disabling the display of icons for shortcuts and the WebClient service.

Reports note that the malware also targets Siemens SCADA WinCC, an industrial process control system, and its visualization components.