As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the patch to take effect.

Windows users can download and install the patch themselves, or allow Microsoft to apply it to their computer overnight using the Automatic Update service. If you choose the latter, be sure to save any open work on your computer before leaving it for the evening. Otherwise, you may find a freshly booted system when you go to your PC the following morning.

Information about the vulnerability, along with the patch, can be found in the following Microsoft Security Bulletin:

Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Here is a list of all articles we have written about CVE-2010-2568 (the Common Vulnerability and Exposure number assigned to the threat) in the blog, as well as malware using it as a vector, such as Win32/Stuxnet.

Date
Article
July 27
July 23
July 22
July 22
July 22
July 22
July 20
July 19
July 19
July 19
July 19

We recommend that people begin deploying the patch as soon as possible. While ESET’s software protects against the malware currently known to exploit this vulnerability, installing Microsoft’s patch closes the vulnerability on the operating system. 

Regards,

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher