Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill
from the tee-plus-two-weeks dept.
Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."
  • Windows 2000 users (Score:5, Informative)

    by trifish (826353) on Saturday July 31, 2010 @06:46AM (#33094296)

    A friendly warning to all Windows 2000 users out there, your OSs will remain vulnerable (unless you have a private agreement with MS).

    Support for you ended two weeks ago.
    http://support.microsoft.com/lifecycle/?LN=en-us&x=17&y=3&p1=3071 [microsoft.com]

  • by noesckey (1841502) on Saturday July 31, 2010 @08:13AM (#33094604)
    Stuxnet functions even if autorun is disabled: http://www.sophos.com/pressoffice/news/articles/2010/07/stuxnet.html [sophos.com]
  • by Anonymous Coward on Saturday July 31, 2010 @08:20AM (#33094634)

    Please mod this down, the bug in the lnk handling does in no way require autorun, just browsing the folder will do. This btw also works with webdav shares (have fun ie users).

  • by basscomm (122302) <basscommNO@SPAMcrummysocks.com> on Saturday July 31, 2010 @09:40AM (#33094954) Homepage

    Except for the fact that I've never had a Windows box that got compromised or infected with any kind of virus, trojan or malware. Most "vulnerabilities" in Windows are user initiated. Practice a little common sense (ie. don't run things that come from questionable or unknown sources) and you are unlikely to ever see a problem.

    Baloney. Let me guess, you don't have any antivirus installed either, because you don't need it? Either you haven't been using Windows for very long or your only Windows box is turned off in the corner. Back in the 90s I got a disk from my school that was infected with Stoned [wikipedia.org], and a few years later bought a CD-ROM game that came with Michelangelo [wikipedia.org] on the disc itself. Even more recently, hardware from (more or less) reputable sources comes preloaded [slashdot.org] with [sunbeltsoftware.com] malware [sophos.com]. Heck, part of my job is removing malware from PCs on a near-daily basis, and even though I know better, my USB key got hit by the Autorun worm [techknowl.com] last summer. So yeah, common sense and safe browsing habits are wonderful things, but they're not a panacea. There are so many attacks coming from so many vectors, that if you use a Windows box you will get some kind of infection eventually.

  • by Anonymous Coward on Saturday July 31, 2010 @10:40AM (#33095242)

    I still haven't understood what this .lnk flaw actually is,
    ...
    And it seemed to also require the use of Autorun/Autoplay.

    Then please do not comment upon it that way. And no, it does not need Autorun/Autoplay.

    Just getting the shortcut displayed in your file-browser window is enough to trigger the "exploit". And as most installations are "helpful" enough to open the root folder of the removable media you put into the machine, that "looking at" is fully automated.

    Even if not, simply clicking on the USB stick's icon in the file browser will open that root folder for you and it happens anyway. Other sub-folders can be infected the same way.

    The crux of the matter is that when the shortcut references a specific target, that target gets activated to be able to get a specific icon from it (which the shortcut then displays).

    This is designed behaviour (one of the many "by design" blunders MS has made).

    The only work that needs to be done is to edit the target stored in the shortcut to point to another target (the malicious program) located on the removable/remote/anywhere else media. Even a script-kiddie can do that.

    P.s.
    I removed some too-specific information, as MS did not yet make the patch available ...
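
The comment above says that merely displaying a shortcut is enough to trigger the flaw, so triage of suspect media should read shortcuts as raw bytes rather than open the folder. An added example (not from the thread or from Microsoft) that inventories .lnk files this way; the header layout follows the published Shell Link binary format, while the function names and the sample bytes are constructed here.

```python
import struct
from pathlib import Path

# ShellLinkHeader constants from the published Shell Link (.LNK) binary format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo",
         0x08: "HasRelativePath", 0x20: "HasArguments",
         0x40: "HasIconLocation"}

def inspect_lnk(data: bytes) -> dict:
    """Summarise a shortcut from raw bytes; nothing is resolved or loaded."""
    if len(data) < HEADER_SIZE:
        return {"valid": False, "reason": "truncated header"}
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return {"valid": False, "reason": "not a shell link"}
    info = {"valid": True, "id_items": 0,
            "icon_index": struct.unpack_from("<i", data, 56)[0],
            "flags": [name for bit, name in FLAGS.items() if flags & bit]}
    if flags & 0x01:                        # a target ID list follows the header
        if len(data) < HEADER_SIZE + 2:
            return {"valid": False, "reason": "truncated ID list"}
        (list_size,) = struct.unpack_from("<H", data, HEADER_SIZE)
        pos, end = HEADER_SIZE + 2, HEADER_SIZE + 2 + list_size
        if end > len(data):
            return {"valid": False, "reason": "truncated ID list"}
        while pos + 2 <= end:
            (item_size,) = struct.unpack_from("<H", data, pos)
            if item_size == 0:              # TerminalID ends the list
                break
            if item_size < 2 or pos + item_size > end:
                return {"valid": False, "reason": "malformed ID list"}
            info["id_items"] += 1
            pos += item_size
    return info

def scan(root: str) -> dict:
    """Inventory every .lnk file under root (e.g. a mounted removable volume)."""
    return {str(p): inspect_lnk(p.read_bytes()) for p in Path(root).rglob("*")
            if p.is_file() and p.suffix.lower() == ".lnk"}

# Constructed sample: header with target ID list + icon location, one 6-byte item.
SAMPLE = (struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, 0x41)
          + bytes(32) + struct.pack("<i", 0) + bytes(16)
          + struct.pack("<HH", 8, 6) + bytes(4) + struct.pack("<H", 0))
```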

  • by Anonymous Coward on Saturday July 31, 2010 @11:14AM (#33095458)

    SP2 support ended earlier this month. You know what that means. No patch unless you have a custom support contract. Hasta la vista.

  • by Shados (741919) on Saturday July 31, 2010 @12:03PM (#33095734)

    because for various reasons (some that are even good), Microsoft only normally releases patches once a month. When they can't wait, they call it an emergency fix. Simple enough?
