Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill on from the tee-plus-two-weeks dept.

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."

4 of 112 comments (clear)

  1. Windows 2000 users by trifish · · Score: 5, Informative

    A friendly warning to all Windows 2000 users out there, your OSs will remain vulnerable (unless you have a private agreement with MS).

    Support for you ended two weeks ago.
    http://support.microsoft.com/lifecycle/?LN=en-us&x=17&y=3&p1=3071

  2. Re:what is this .lnk flaw anyway? by noesckey · · Score: 5, Informative

    Stuxnet functions even if autorun is disabled: http://www.sophos.com/pressoffice/news/articles/2010/07/stuxnet.html

  3. Re:getting things done by basscomm · · Score: 2, Informative

    Except for the fact that I've never had a Windows box that got compromised or infected with any kind of virus, trojan or malware. Most "vulnerabilities" in Windows are user initiated. Practice a little common sense (ie. don't run things that come from questionable or unknown sources) and you are unlikely to ever see a problem.

    Baloney. Let me guess, you don't have any antivirus installed either, because you don't need it? Either you haven't been using Windows for very long or your only Windows box is turned off in the corner. Back in the 90s I got a disk from my school that was infected with Stoned, and a few years later bought a CD-ROM game that came with Michelangelo on the disc itself. Even more recently, hardware from (more or less) reputable sources come preloaded with malware. Heck, part of my job is removing malware from PCs on a near-daily basis, and even though I know better, my USB key got hit by the Autorun worm last Summer. So yeah, common sense and safe browsing habits are wonderful things, but they're not a panacea. There are so many attacks coming from so many vectors, that if you use a Windows box you will get some kind of infection eventually.

    --
    http://crummysocks.com
  4. Re:"have been exploiting for several weeks now..." by Shados · · Score: 2, Informative

    because for various reasons (some that are even good), Microsoft only normally release patches once a month. When they can't wait, they call it an emergency fix. Simple enough?