Windows .lnk Vulnerability

Written by Matthew Stein Wednesday, 28 July 2010 13:51

In the last week or so information has been spreading about a new security problem in Windows, this time with shortcuts (which are actually little files with the extension .lnk). There's a problem with the way the shortcuts load their icons that can allow an attacker to do all sorts of nasty things. The problem started on USB drives, but that's hardly the only way for it to spread.

Until there's a real security patch, there are a couple of stop-gap measures that have been released. Microsoft has released a temporary fix, but it's likely to make almost all of your icons (on your desktop, in you start menu, etc.) appear blank. Another work-around has been released that does a bit more selective job: LNK-Checker from G-Data.

I've installed LNK-Checker on my computer to test it, and it seems to work fine. A couple of icons appear to have changed, but most look the same as always. If you're concerned about security, it looks like a good fix until Microsoft gets around to patching the hole.

Update (2010-08-02): Microsoft has released an emergency patch for this vulnerability. Use Windows Update to get it now.