Wednesday, July 21, 2010

Microsoft issues FixIt for LNK vulnerability

Well, I predicted Microsoft would patch this problem, but first they want us to "FixIt" manually.  I ran this FixIt on my main workstation and the main effect is to change some of your "Quick Start" and desktop icons to generic ones:

This mike look like a problem but it is really only a minor inconvenience.  When you hover your mouse over an icon, a tooltip pops up with its name.  And icons in the Start Menu still have their full names:

Security Advisory 2286198 Updated - The Microsoft Security Response Center (MSRC) - Site Home - TechNet Blogs
We've just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running the "Fix It" can help prevent attacks attempting to exploit this vulnerability. This workaround will disable some icons from being displayed
Microsoft Security Advisory: Vulnerability in Windows Shell could allow remote code execution
Microsoft has released a Microsoft security advisory (2286198) about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

To have us fix this problem for you, go to the "Fix it for me" section. If you would rather fix this problem yourself, go to the "Let me fix it myself" section.
Windows Shortcut Exploit: What You Need to Know
Microsoft released Security Advisory 2286198 late last week to address a newly-discovered zero-day flaw that can be exploited simply by clicking a shortcut icon. However, that original guidance is being questioned by security researchers, and exploit code is now available, making a bad situation even worse.

According to the Microsoft advisory, "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed." An attack can exploit the flaw and compromise the system or run malicious code without any additional user intervention--even circumventing UAC, and Windows 7 security controls.

No comments: