Windows shortcut threat spreads via USB drives

Warnings of the new USB attack vector began to appear recently, including a Microsoft Advisory which included the observation that one attack approach could come via removable drives.

Vulnerable versions of Windows, including Service Packs, identified by Microsoft are:

• Windows XP Service Pack 3
• Windows XP Professional x64 Edition Service Pack 2
• Windows Server 2003 Service Pack 2
• Windows Server 2003 x64 Edition Service Pack 2
• Windows Server 2003 with SP2 for Itanium-based Systems
• Windows Vista Service Pack 1 and Windows Vista Service Pack 2
• Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
• Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
• Windows 7 for 32-bit Systems
• Windows 7 for x64-based Systems
• Windows Server 2008 R2 for x64-based Systems
• Windows Server 2008 R2 for Itanium-based Systems

Look for Microsoft to address this one aggressively and quickly — the breadth of the exposure guarantees that.

And look at the announcement of this new vulnerability, and particularly the USB/AutoRun/AutoPlay as an opportunity to tighten up on your company’s approach to both removable drives, and automatic executions.

AutoRun-based attacks launched from USB drives — or CD-Roms — are nothing new; we’ve talked here of USB risks before.

Disabling AutoRun, and any automatic players seems to me to be a good first step. But equally important is establishing and communicating a solid removable drive policy — and, by extension, a solid overall device and media policy — that could at least make employees aware of the large risks that can come in small attachable packages.