CVE-2017-8464

Name of the Vulnerable Software and Affected Versions Windows Shell versions in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

Description The issue is related to errors in handling .LNK files, which can allow local users or remote attackers to execute arbitrary code. This can occur when a crafted .LNK file is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. Exploitation of this issue may enable an attacker to execute arbitrary code by connecting to a system with a specially crafted shortcut associated with a malicious application. After viewing the storage device using any application that performs icon parsing, arbitrary code will be executed.

Recommendations For Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, consider disabling the handling of .LNK files in Windows Explorer or other applications that parse shortcut icons until a patch is available. As a temporary workaround, restrict access to removable storage devices to minimize the risk of exploitation. Avoid using applications that parse and display icons of shortcuts from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.