Out-of-Band Patch Fixes Windows Critical .LNK Vulnerability

Users are advised to apply the update as soon as possible

August 3rd, 2010 09:29 GMT
A security update designed to resolve a Critical zero-day vulnerability affecting all supported versions of Windows has been released and is now available to customers worldwide. Microsoft is offering an out-of-band patch designed to fix a security flaw in the way Windows Explorer renders maliciously crafted .LNK or .PIF shortcut files. If the flaw is successfully exploited, remote attackers can execute arbitrary code on a vulnerable system. Microsoft has already warned that attacks exploiting the 0-day .LNK vulnerability have been detected in the wild.

In this context, Windows users are advised to apply the security update as soon as possible. There are already a number of malware samples that can take advantage of the .LNK vulnerability in Windows Shell in order to spread and infect unpatched computers. Just the fact that the software giant released MS10-046 out-of-band should be a clear indication of the urgency with which this security update needs to be applied to computers.

“MS10-046 addresses one vulnerability in Windows and affects all supported editions including Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. It is recommended that customers deploy the update as soon as possible to help protect their computers from criminal attacks seeking to exploit the .LNK vulnerability,” revealed Christopher Budd, senior security response communications manager, Microsoft.

Customers who have already applied the automated FixIt workaround offered by Microsoft ahead of the patch via KB 2286198 should revisit the Knowledge Base article and undo the changes made to their machines. KB 2286198 provides a FixIt button which will automatically disable the initial workaround.

At the end of July 2010, Microsoft revealed that it had detected a number of malicious code samples exploiting the .LNK vulnerability, including Stuxnet, Sality, Vobfus, and Chymine. In addition, there are also malicious links involved in attacks, the Redmond company warned. At this point the patch is available through Microsoft Update, Windows Update and the Download Center.

Follow me on Twitter @MariusOiaga.
