Emergency patch closes LNK hole in Windows
As announced on Friday, Microsoft has published the unscheduled MS10-046 update to close the LNK hole in Windows. A flaw in the way the Windows shell analyzes the parameters of LNK and PIF files can be exploited to launch arbitrary programs when icons are displayed. For the attack to succeed, users merely need to open a folder containing specially crafted files, for instance on an infected USB stick, in a network share, or in a WebDAV folder.
All operating systems supported by Microsoft are affected – from Windows XP (SP3) to Windows 7 and Server 2008 R2. Users who already employ the Fix-it tool as a workaround will have to undo the workaround after the update has been installed if they want to see the icons again.