Trojan attacks exploit a dangerous flaw in Windows
Microsoft has confirmed an unpatched vulnerability in Windows that hackers could exploit to take control of a system with the help of a new trojan.
Microsoft officially ended technical support for Windows XP SP2 on July 13, as it did for the original Windows Vista release on April 13, 2010. The newly discovered vulnerability therefore threatens Windows XP SP2 users, who may not receive a patch from Microsoft. Instead, the company recommends that they upgrade immediately to Windows XP SP3 so they can install the patch when it is released.
Microsoft is still supporting Windows operating system versions including: Windows XP SP3, Vista, Server 2003, Windows 7, Server 2008, Server 2008 R2 and even upcoming beta versions of Windows 7 SP1 and Server 2008 R2 SP1.
The flaw lies in the way Windows handles "shortcut" files (*.lnk format), which are usually found on the desktop or in the Start menu. An attacker uses a USB storage device containing a shortcut file embedded with malicious code. If the victim views the contents of the USB flash drive with a file manager such as Windows Explorer, the system is taken over.
Besides USB flash drives, the flaw can also be exploited remotely: shortcut files embedded with malicious code can be distributed over the internet.
- Error code: 2286198
- Affected Windows versions: Windows XP SP3, XP Pro x64 SP2, Windows Server 2003 SP2, Server 2003 x64 Edition SP2, Vista SP1 / SP2, Vista x64 SP1 / SP2, Windows Server 2008 / SP2 and x64 / SP2, Windows 7 32-bit and 64-bit, Windows Server 2008 R2 64-bit.
- Patch: not yet released
According to Dave Forstrom, director of Microsoft's Trustworthy Computing group, the flaw is being exploited by the Stuxnet malicious code. The Microsoft team has detected more than 6,000 attempts to infect Windows XP SP2-based computers since July 15. Stuxnet contains a trojan that downloads further attack code from a remote location, including rootkits that hide in the system.
Chester Wisniewski, a senior security expert at Sophos, said the flaw can be exploited successfully even if both the AutoRun and AutoPlay functions (which automatically launch content on a drive) are disabled. The rootkits bypass Windows security checks, including UAC in Windows Vista and Windows 7 (User Account Control, the confirmation window that usually appears whenever a user performs a privileged operation on Windows).
Microsoft has not officially announced the release date of the patch. Windows users may have to wait for a regular patch on August 10.
Temporary workaround
Microsoft advises users to temporarily disable the display of shortcut icons and turn off the WebClient service until an official patch is available. Because disabling shortcut icons requires editing the Registry, which can cause problems for Windows, readers should back up the registry key before proceeding.
To disable the display of shortcut icons, do the following:
- Go to Start, Run, type regedit and press Enter to open Registry Editor.
- Find the key HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler, click the File menu and select Export.
- In the Export Registry File dialog box, enter the name LNK_Icon_Backup.reg and click Save. The backup file will be put in the My Documents folder.
- Select the (Default) value in the right pane of Registry Editor and press Enter to edit it. Delete the value data, leave it blank and press Enter to confirm the change.
Exit Registry Editor and restart the computer for the change to take effect. Shortcuts on your desktop will lose their icons.
To turn off the WebClient service, type Services.msc in the Start - Run dialog box and click OK. Select WebClient, then click Stop to halt the service if it is running, or set it to Disabled to lock it.
After updating the patch, you can restore the registry and reactivate the WebClient service.
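The manual steps above can be scripted so that the backup, the change and the later restore are applied consistently across machines. The following PowerShell script is an added example, not from Microsoft or the original article; the backup location, the `WebClient_StartMode.txt` helper file and the function names are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example: automates the registry and WebClient workaround described above.
param([ValidateSet('Apply','Status','Restore')][string]$Action = 'Status')

$Key     = 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler'
$RegKey  = 'HKCR\lnkfile\shellex\IconHandler'                    # same key in reg.exe syntax
$Backup  = Join-Path $env:USERPROFILE 'LNK_Icon_Backup.reg'      # location is an assumption
$ModeLog = Join-Path $env:USERPROFILE 'WebClient_StartMode.txt'  # hypothetical helper file

function Get-WorkaroundStatus {
    # Report whether the icon handler is blank and how WebClient is configured.
    $handler = (Get-ItemProperty -Path $Key).'(default)'
    $svc = Get-WmiObject Win32_Service -Filter "Name='WebClient'"
    New-Object PSObject -Property @{
        IconHandlerCleared = [string]::IsNullOrEmpty($handler)
        WebClientState     = $svc.State
        WebClientStartMode = $svc.StartMode
    }
}

function Enable-Workaround {
    # Back up first and never overwrite an earlier backup: a second run would
    # otherwise save the already-blanked value and make restore impossible.
    if (-not (Test-Path $Backup)) {
        & reg.exe export $RegKey $Backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }
    }
    if (-not (Test-Path $ModeLog)) {
        (Get-WmiObject Win32_Service -Filter "Name='WebClient'").StartMode | Set-Content $ModeLog
    }
    Set-ItemProperty -Path $Key -Name '(default)' -Value ''   # blank the (Default) value
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled
}

function Disable-Workaround {
    # Use after the official patch is installed: restore the key and the service start mode.
    if (-not (Test-Path $Backup)) { throw "Backup $Backup not found." }
    & reg.exe import $Backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry restore failed.' }
    $mode = if (Test-Path $ModeLog) { Get-Content $ModeLog | Select-Object -First 1 } else { 'Manual' }
    if ($mode -eq 'Auto') { $mode = 'Automatic' }   # WMI reports "Auto"; Set-Service expects "Automatic"
    Set-Service -Name WebClient -StartupType $mode
}

switch ($Action) {
    'Apply'   { Enable-Workaround;  Get-WorkaroundStatus }
    'Restore' { Disable-Workaround; Get-WorkaroundStatus }
    default   { Get-WorkaroundStatus }
}
```

As with the manual procedure, a restart is needed before the registry change takes effect.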