Exploit code available for remote code execution in windows vulnerability

CERT.be advisory #2017-004

Reference: CVE ID: CVE-2017-8464
Version: 1.0
Affected software: all supported versions of Windows


By persuading a user to display a specially-crafted shortcut file an attacker could exploit this vulnerability to execute arbitrary code with the privilege of the user. This can happen automatically by, for example, connecting a compromised USB device when AutoRun/AutoPlay is enabled.


Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. Opening a LNK file has basically the same outcome as opening the file that is specified as the shortcut target.
A specially-crafted LNK file can be used to execute arbitrary code when the icon of the shortcut is displayed to the user.
In June Microsoft released a security update to correct this vulnerability. Because exploit code has now been released publicly, the likelihood of being compromised when the update is not yet applied has increased.

Recommended action

Considering the severity of the vulnerability combined with the lack of user interaction, all users are advised to apply the update for their concerned version of Windows as quickly as possible.
These can be found through https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...