Get ready to install the out-of-band LNK patch coming on Monday

I never, ever, ever recommend that you install an unproven patch.

Except this time.

On Monday, Microsoft will release an out-of-band patch that fixes the link file icon rendering 0day hole I talked about two weeks ago. Brian Krebs has a good synopsis here.

Even though it may break things, MS has put this patch through a lot of tests. Chances are good it won’t break anything important. And the bad guys are using the exploit right now.

Best to apply this patch – and this patch only – on Monday morning.

Firefox 4 Beta 2 lookin’ good

I like it!

See my Tech Watch report.

The iPad’s halo effect on corporate Mac sales

Apple’s rolling over the slate market, but at the same time, it’s selling more Macs than ever. Gartner says that in 2Q 2010, 9.8% of all PCs sold in the US were Macs. I’m betting that number will increase significantly in 3Q. See why in my InfoWorld Tech Watch blog.

Do the math: 175,000,000 copies of Win7 isn’t that impressive

From my InfoWorld Tech Watch blog. Microsoft says it’s sold 175,000,000 copies of Windows 7 since October 22. Sounds impressive, but when you to the math, it’s both disappointing and mystifying.

If you use Hotmail or Messenger, read this

One of the most important privacy articles I’ve ever written just went up on the Windows Secrets newsletter site.

If you have a Windows Live ID – a Hotmail account, an @live.com or @windowslive.com address – you better take a look. Somebody’s watching. And tattling.

Understanding the LNK 0day “USB drive” security hole

If you’re confused and concerned about all the talk of a USB-based security hole in Windows, there’s more and less to the matter than what you’ve probably heard.

I have an article on InfoWorld Tech Watch that tries to explain what’s happening. Basically, the problem has nothing to do with USB drives or whether AutoRun is enabled on a PC or not. It has everything to do with how Windows handles calls for showing the icons in a shortcut.

Right now there’s nothing you can do about it, but be of good cheer: there aren’t any exploits in the wild (far as anyone knows) except the original one, which targeted businesses with a Siemens SCADA industrial computer system. On the other hand, there’s a working “exploit” now available via Metsploit, so more cracks are undoubtedly on their way.

Stay tuned.

UPDATE: Oooops. I gave you a bad link, originally. There’s now a fix, described in this Tech Watch post.

Mouseless

MIT has created a phenomenal replacement for the mouse.

Get a load of this.

(The original link was broken. Sorry, and thanks to all who pointed it out! I’ve been a bit preoccupied – a new Little Leonhard just arrived, 8 lbs and full of energy.)

MS-DEFCON 2: Get patched, then shut down Auto updates – fix for the Help 0day coming

Microsoft has announced that it will deliver four security bulletins on Tuesday July 13.

Three of them don’t appear to be terribly interesting, but one of them must be. Quoth Microsoft:

We are also closing Security Advisory 2219475 (Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution) with a comprehensive update that addresses the issue currently under attack.

Looks like MS is finally going to plug the security hole I talked about a week ago. I’m still not convinced it’s a Big Deal, but it’ll be nice to get it fixed.

Get all of the MS patches applied, except the .NET patches, then make sure you have Automatic Updates turned off. Let’s see what Tuesday will bring.