Defense in depth -- the Microsoft way (part 92): more stupid blunders of Windows' File Explorer
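Windows File Explorer has two problems when handling .lnk files: first, property tabs are missing; second, the right-click context menu is restricted. Both require an additional permission, which affects the user experience. 2025-9-8 22:33:41 Author: seclists.org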


Full Disclosure mailing list archives


From: Stefan Kanthak via Fulldisclosure <fulldisclosure () seclists org>
Date: Fri, 29 Aug 2025 16:36:30 +0200

Hi @ll,

this extends the two previous posts titled Defense in depth --
the Microsoft way (part 90): "Digital Signature" property sheet
missing without "Read Extended Attributes" access permission
<https://seclists.org/fulldisclosure/2025/Jul/39> and Defense
in depth -- the Microsoft way (part 91): yet another 30 year
old bug of the "Properties" shell extension
<https://seclists.org/fulldisclosure/2025/Aug/2>

About 35 years ago Microsoft began to implement their "New Technology
File System" (NTFS) for their upcoming Windows NT operating system.
NTFS supports the extended attributes of the HPFS file system which
Microsoft and IBM had developed for their OS/2 operating system before.
NTFS' initial version, released with Windows NT 3.1 in 1993, had no
access control and did not support named (alternate) data streams;
both were added for Windows NT 3.5, released one year later, with
separate access permissions for reading or writing data streams,
attributes and extended attributes
(<https://msdn.microsoft.com/en-us/library/aa364404.aspx> and
<https://technet.microsoft.com/en-us/library/cc783530.aspx>).

About 30 years ago Microsoft replaced the file manager as well as
the program manager shipped with their Windows operating systems
by "Windows Explorer", the graphical shell of Windows since then.
"Windows Explorer" (later renamed to "File Explorer") supports
so-called shortcuts, files with .LNK file extension which carry
their payload in the (unnamed) primary data stream.

Blunder #1: for .LNK files, the "Properties" shell extension fails to
display the "Shortcuts", "Options", "Fonts", "Layout", "Colors" and
"Compatibility" property sheets, i.e. 6 out of the total 10 property
sheets, unless the "Read Extended Attributes" permission is granted,
although this permission is NOT required to read the files' (unnamed)
primary data stream!

Blunder #2: for .LNK files, the context menu handler invoked with a
right mouse-click on the file, fails to display MULTIPLE context menu
entries, for example "Open" and "Open as Administrator", unless the
"Read Extended Attributes" permission is granted, although this is NOT
required to read the files' (unnamed) primary data stream!

stay tuned, and far away from bug-riddled software oozing out of Redmond
Stefan Kanthak
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
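
Added example, not part of the original post: a PowerShell check that lists .lnk files for which the current user effectively has "Read Data" but not "Read Extended Attributes", the permission state both blunders depend on. The function name Find-LnkWithoutReadEA and the simplified effective-rights calculation (Allow ACEs minus Deny ACEs, ignoring ACE order, ownership and privileges) are assumptions made for this illustration.

```powershell
# Added example (not from the original post). Lists .lnk files that the current
# user can read but for which "Read Extended Attributes" is not effectively granted.
# Assumption: effective rights = union of Allow ACEs minus union of Deny ACEs for
# the user's SIDs; ACE ordering, ownership and privileges are ignored.
# To build a constructed test case on a scratch shortcut (test.lnk is a placeholder):
#   icacls.exe .\test.lnk /deny "${env:USERNAME}:(REA)"
function Find-LnkWithoutReadEA {
    param([Parameter(Mandatory)][string]$Path)

    $id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # SID strings of the user and of the groups in the user's token
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $readEA   = [int][System.Security.AccessControl.FileSystemRights]::ReadExtendedAttributes

    Get-ChildItem -LiteralPath $Path -Filter *.lnk -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try   { $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop }
        catch { return }   # DACL not readable: skip this file

        # Explicit and inherited ACEs, with trustees returned as SIDs
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])
        $allow = 0
        $deny  = 0
        foreach ($rule in $rules) {
            if ($sids -notcontains $rule.IdentityReference.Value) { continue }
            if ($rule.AccessControlType -eq 'Allow') {
                $allow = $allow -bor [int]$rule.FileSystemRights
            } else {
                $deny  = $deny  -bor [int]$rule.FileSystemRights
            }
        }
        $effective = $allow -band (-bnot $deny)

        # Primary data stream readable, extended attributes not readable
        if (($effective -band $readData) -and -not ($effective -band $readEA)) {
            [pscustomobject]@{
                Path      = $file.FullName
                Effective = [System.Security.AccessControl.FileSystemRights]$effective
            }
        }
    }
}
```

Calling Find-LnkWithoutReadEA -Path with a folder returns one object per affected shortcut; an empty result means no .lnk file below that folder is in this permission state for the current user.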



Article source: https://seclists.org/fulldisclosure/2025/Sep/36