Microsoft has officially confirmed that the “shortcut trick” related to the Internet Explorer browser is not a security flaw.
The “shortcut trick” suggests that a file capable of executing automatically can be triggered when users input a website address into the Internet Explorer browser.
Specifically, for those using the Windows XP operating system and the Internet Explorer browser, if they enter any website address—such as www.microsoft.com—into the browser, instead of seeing that website, an executable file located on the user’s PC will launch.
Microsoft conducted tests to verify the authenticity of the “shortcut scam” as follows:
 |
| Source: realtech |
• Right-click on the screen and select News | Shortcut
• Point the shortcut path to an executable file—e.g., c:windowssystem32calc.exe
• Name the created shortcut www.microsoft.com
• Launch the Internet Explorer browser and enter “www.microsoft.com” into the address bar
Using this method to input the address allows “calc.exe” to be triggered. However, if the created shortcut is deleted or if the characters “http://” are added before “www” in the browser’s address bar, Internet Explorer will connect to the Internet instead of launching the file as mentioned.
Peter Watson, the Chief Security Advisor of Microsoft Australia, stated that this is not a security flaw but merely a feature that can be used to activate legitimate applications.
“We need to clarify the difference between a security issue and an application feature. A security flaw can allow hackers to do something. But in this case, it does not. Only software installed legally on the user’s system can be activated through this feature,” Watson explained.
According to expert Watson, the “shortcut trick” can assist users in automating certain tasks.
However, security experts hold a completely different view. They argue that this is not a necessary feature and it could be exploited by malware developers.
Hoàng Dũng
