In association with heise online

02 August 2010, 20:21

Emergency patch closes LNK hole in Windows


As announced on Friday, Microsoft has published the unscheduled MS10-046 update to close the LNK hole in Windows. A flaw in the way the Windows shell parses the parameters of LNK and PIF files can be exploited to launch arbitrary programs when icons are displayed. For the attack to succeed, users merely need to open a folder containing specially crafted files, for instance on an infected USB stick, on a network share, or in a WebDAV folder.

All operating systems supported by Microsoft are affected – from Windows XP (SP3) to Windows 7 and Server 2008 R2. Users who already employ the Fix-it tool as a workaround will have to undo the workaround after the update has been installed if they want to see the icons again.

Criminals have already put malware into circulation to infect PCs by exploiting the flaw; one trojan even disseminated itself via the LNK hole in Daimler AG’s network.

