Gladiator Research and Security

GSA Reference Number: AD100719-01

Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell.  This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.  This vulnerability can be exploited if a user opens a USB device or network share with a malicious-crafted shortcut file (.lnk).  Microsoft has also been alerted to attacks using this exploit code.  Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible.  No patch has been released as of yet.