Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill on from the tee-plus-two-weeks dept.

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."

2 of 112 comments (clear)

  1. Re:The 1 click wonder? by RulerOf · · Score: 0, Flamebait

    Heck you could even use vlc

    There's a small problem centered on VLC really, really, really, extra-super-holy-fuck-it's-a-pile-of-shit sucking. Sure it "plays everything," but until they drop FFMpeg on Windows and embrace directshow or Media Foundation (and by extension, DXVA) it's going to continue to be a heaping pile of shit until the end of time. Not to mention the shitty interface. I've never gotten optical output to work correctly on it, it eats CPU, and it wasn't until just over a year ago that you could even change the volume with the mouse wheel.

    Don't get me wrong, it always works, and that's important, but it lacks the polish that just about everything else including other FOSS projects like MPC-HC have had for a VERY long time.

    And why Windows Media Center and not MythTV? Three reasons: DXVA, Media Center Extenders (XBox 360's are cheaper and more compact than any computer that would fit the bill, and they have a nice remote), and CableCARD support. There's no other platform that offers that set of features. Also, it's really, really slick :P

    --
    Boot Windows, Linux, and ESX over the network for free.
  2. Re:The really interesting bit by symbolset · · Score: 0, Flamebait

    Start with the obvious assumption that the certificate was stored on a Windows computer. Now assume that most of the rest of them are too. Calculate the likelihood that a particular Windows computer will be rooted.

    Are you scared yet?

    --
    Help stamp out iliturcy.