Security Advisory 2286198 has been issued to make everyone aware of a publicly reported issue with Windows Shell.
In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware, a threat family already known to the Microsoft Malware Protection Center. The MMPC has a blog post with more technical discussion of Stuxnet.
We recommend that customers follow the guidance provided in the Security Advisory, making note of mitigations and tested workarounds. We will continue to investigate the vulnerability and, upon completion of that investigation, we will take appropriate action to protect our customers.
Customers should be aware that signatures in up-to-date versions of Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform protect customers against the Stuxnet malware.
According to the security advisory, the following Windows systems are affected:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
This vulnerability is typically exploited through removable drives: when the drive is inserted and AutoPlay starts up, the malicious code could be executed. Even if you have AutoPlay disabled, just browsing the drive's root folder could also cause the malicious code to be executed.
So make sure your anti-virus signatures are all up to date, and be very cautious while Microsoft works on a permanent fix for this issue.