⚠ Actively exploited

Added to CISA KEV on 2022-02-10. Federal agencies required to patch by 2022-08-10. Required action: Apply updates per vendor instructions..

CVE-2017-8464 — Corporation Windows Shell vulnerability

26 documents13 sources

Severity

8.8HIGHNVD

EPSS

93.9%

top 0.13%

CISA KEV

KEV

Added 2022-02-10

Due 2022-08-10

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Corporation Windows Shell Microsoft Windows Server 2008 Microsoft Windows Server 2012 +12 more

Timeline

PublishedJun 15

KEV addedFeb 10

Latest updateMay 13

KEV dueAug 10

CISA Required Action: Apply updates per vendor instructions.

Description

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages14 packages

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

▶msrcmsrc/windows_server_2012_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5x6-r6hp-xgpc: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-13

▶

VulnCheck

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability↗2017

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - '.LNK' Shortcut File Code Execution↗2017-08-06

▶

Exploit-DB

Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)↗2017-07-26

▶

Metasploit

LNK Code Execution Vulnerability↗

▶

Metasploit

LNK Code Execution Vulnerability↗

▶

📋Vendor Advisories

CISA

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability↗2022-02-10

▶

Microsoft

LNK Remote Code Execution Vulnerability↗2017-06-13

▶

🕵️Threat Intelligence

Qualys

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys↗2022-02-23

▶

Talos

Lemon Duck brings cryptocurrency miners back into the spotlight↗2020-10-13

▶

Unit42

Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices↗2020-06-24

▶

Unit42

Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices↗2020-06-24

▶

Trendmicro

BlackSquid Infects Servers and Drives, 8 Exploits Used↗2019-06-03

▶