
[Vulnerability notice] CVE-2017-8464: Microsoft Windows LNK remote code execution vulnerability

Last Updated: Mar 19, 2018

Microsoft announced the vulnerability CVE-2017-8464 on June 13, 2017. The Windows operating system is exposed to a high-risk remote arbitrary code execution vulnerability when it parses shortcut (.lnk) files. An attacker can trigger the vulnerability through a USB flash drive or a network share and take full control of the user's system. The risk rating is high.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-8464

Vulnerability name

Microsoft Windows LNK remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

An attacker may present the victim with a removable drive or remote share that contains a malicious .lnk file and an associated malicious binary. When the victim opens the drive or remote share in Windows Explorer, or in any other application that parses the .lnk file, the malicious binary executes code of the attacker's choice on the target system. A successful exploit gives the attacker the same user rights as the local user.

.lnk is the file type suffix for application shortcut files in the Windows operating system.

Condition and method of exploitation

Remote exploitation.

Affected scope

Desktop operating systems and software:

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1

Server operating systems:

  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Vulnerability detection

None

How to fix or mitigate

Do not run programs with administrator privileges; always run applications with the minimum permissions they need. We recommend that you create a standard (non-administrator) account for each application and grant the required permissions to that account.

Install the Microsoft patches as soon as possible. Alibaba Cloud users can install the patches through Windows Update, or download and install them manually. The download URL is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464.

Reference

[1]. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464
[2]. http://www.securityfocus.com/bid/98818
