Hello, welcome to the Thursday, June 25th, 2020 edition of the Sandtonet Stormsterners Stormcast. My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida again.

In today's diary, we have Jan again introducing us to an interesting little Windows bug or behavior, and that's around link files.

Now, link files and Windows are, of course, vastly different from sim links or hardlinks on

Unix in that there are actual files and there are multiple parameters that you can list within the file.

One of them is the location of the icon to display for the particular file.

So, okay, what can you do with this?

Well, it turns out that the location can also be a URL.

So you can point it to a remote file and that file will be downloaded.

The only limitation is that the end of the URL has to be dot ICO, the short for icon.

But that's the end of the URL, not the end of the file name that you are downloading.

So all you have to do to hit an arbitrary URL is just add question mark, some parameters.

Dot ICO, and yes, it will work.

It will download the file.

And Jan is going over a couple of scenarios how this could potentially be used maliciously.

In order to trigger this issue, the user just has to look at a directory listing that contains the malicious link file.

So one way how Jan suggests this could be exploited is if the user receives a link file. So one way how Jan suggests this could be exploited is if the user receives

an email with a zip file as an attachment unsips it and then just within that zip file,

there is the malicious link file that would trigger this particular problem.

And we've got a number of vulnerabilities and patches to talk about.

First of all, on Monday, Google released an update for Chrome fixing two vulnerabilities.

Secondly, QNAP released an update for its network storage devices, in particular the Helpdesk application

...