Get ready to install the out-of-band LNK patch coming on Monday
Posted on July 31st, 2010 at 13:06 (24 comments)
I never, ever, ever recommend that you install an unproven patch.
Except this time.
On Monday, Microsoft will release an out-of-band patch that fixes the link file icon rendering 0day hole I talked about two weeks ago. Brian Krebs has a good synopsis here.
Even though it may break things, MS has put this patch through a lot of tests. Chances are good it won’t break anything important. And the bad guys are using the exploit right now.
Best to apply this patch – and this patch only – on Monday morning.
24 responses to “Get ready to install the out-of-band LNK patch coming on Monday”
-
I need to know the number of the patch so I can differentiate it from the others. I don’t see the number in the posting. Number of “this patch” please. Thanks.
-
Russell August 3rd, 2010 at 00:25
KB2286198, if that is the LNK 0day file, is now ready for download. As it came late this AM, you may not get the icon in the tray until you reboot your system if your computer was already on when MS posted the file.
-
Lurker August 3rd, 2010 at 02:43
Did the LNK patch get released?
I see nothing new besides the Update for Windows Mail Junk E-mail Filter for x64-based Systems and Windows Malicious Software Removal Tool x64, both from 7/13/10, which I am still waiting on.
-
Woody,
I haven’t had time to go from XP SP2 to SP3 (as this is a somewhat time consuming process and I have major life stuff happening).
Unfortunately, I don’t know when I’ll have time to do it either. Can I apply this patch to XP SP2 somehow? If so, will it be available via Windows Updates or would I have to download/install it? (I’ve never done that before with a patch, so any advice on the best way to do it would be greatly appreciated.)
If I’m out of luck for now, can you offer any information/advice about avoiding getting hit with anything bad in regards to the vulnerability? I use dial-up and don’t really visit any websites out of the ordinary. Would I still be safe with things like ordering on Amazon.com or using https://www.annualcreditreport.com (legit sites where you’re entering sensitive information).
Thanks for the help!
-
Is this for XP also? Which Update is it?
Security Update for Windows XP (KB2286198)
or Security Update for Windows XP (KB2229593)
or Windows Malicious Software Removal Tool – July 2010 (KB890830)?
The rest of them are the .NET updates.
Thanks, Morty
-
rc primak August 3rd, 2010 at 04:29
Here’s the article from Infoworld Tech Watch on the Microsoft out of band patch:
http://www.infoworld.com/t/anti-virus/patch-monday-windows-shortcut-hole-gets-plugged-today-424
There are two interim workarounds, one from G-Data, and one from Sophos, which can help in the meantime, for those who are concerned. The Infoworld News article with the links is here:
http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841
Depending on your computer’s configuration and other software installed, these two workarounds may break things big time. But if they do not, they both will leave users protected without wrecking all their desktop icons and shortcuts. If possible, the Sophos solution seems to be the most comprehensive, in my humble, non-technical opinion.
When applying the Microsoft patch, first remove the Microsoft Fixit, and/or the G-Data and/or the Sophos interim workarounds completely, to allow the Microsoft patch to do its work properly.
And do expect some programs to break. This is a very fundamental part of Windows which is being patched, and these sorts of patches inevitably have unintended side-effects.
Thanks for the heads-up on the out of band patch, Woody.
-
FYI: this is “Security Update for Windows XP (KB2286198)”, at least for Windows XP.
Also, “Microsoft Security Bulletin MS10-046 – Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)”.
In contrast to (an)other July update appearing in my Automatic Updates list. (Hard to tell from the 2 vague descriptions which was the LNK update.)
BTW, should we still wait on applying this earlier update?
“Microsoft Security Bulletin MS10-042 – Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Published: July 13, 2010”
-
Is the patch being referenced here KB2286198?
-
FASHORN August 3rd, 2010 at 15:33
Hey Woody !!
Just thought I’d pass on this info. for the others. I installed this patch on a Windows 7 64bit notebook (ASUS G73JH-A1) this afternoon and have been all over the web, playing games, and downloading from iTunes, played movies in WMP and burned a movie to DVD with ConvertXto DVD. Nothing went wrong and nothing broken.
-
@Guest -
I’ll be reviewing the other updates tomorrow. Stand by.
-
@Bill -
I’m researching it furiously. Can you try to apply the patch to your SP2 system and tell me what happens?
Nothing bad will happen. The question is whether it goes through, and if it doesn’t, what kind of error do you get?
Reports I’m seeing are very unclear. MS originally said the patch would work with SP2, then changed the download web site. Best thing to do is just try it, and see what happens. Unfortunately, I don’t have an XP SP2 machine to try it on!
(If any of you watching have Win2000 machines, I’d really like a report about that, too. Again, the patch won’t clobber anything. The question is whether it’ll get applied or not, and if not, exactly what message do you get?)
-
rc primak August 3rd, 2010 at 22:09
If anyone cannot apply the patch to Windows 2000 or Windows XP without SP3, the Infoworld Tech Watch references will offer pretty good protection, if they do not cause too many side effects themselves.
While I was installing this patch, the July, 2010 Windows Help Center patch was the only other Critical Patch to show up. So I went ahead and applied it to both of my laptops (Windows XP Pro SP3 (32-bit), and Windows 7 Home Premium (64-bit)). Both machines show no ill effects. But this is just one patch. And I do not run MS Office, so I know nothing about any other July, 2010 patches which may be offered.
-
What is the KB number for this out-of-series patch released Monday, Woody? I have offers of a lot of patches.
-
Sorry Woody. The XP KB2286198 LNK patch is for XP SP3 and it WILL PERMANENTLY CRIPPLE Win2000 systems. I’ve just replaced the updated SHELL32.DLL file from KB2286198 on a Win2k computer and KABOOM, Win2000 can’t load the rest of the Win2k OS, though the desktop will load. So Win2000 users are OUT OF LUCK!
Bill is still using XP SP2 and wants to apply the LNK fix. Let’s see if the fix actually works on his computer. If not, then it’s three strikes on him and he’s outta there with SP2 and should update to SP3; best way to update to XP SP3 is to reinstall XP using an integrated/slipstreamed XP SP3 CD.
Life is sometimes cruel for those using WinXP SP2 and Win2000. Start updating to “supported” versions as soon as possible.
-
I should have mentioned I am using XP-Pro Version 5.1.2600 Service Pack 3 Build 2600
Thanks,
Morty
-
@EP -
THANKS!
-
I’m still using my old laptop with windows 2000 XP pro. (Not yet switched to new one with windows 7; still studying Woody’s Windows 7 for Dummies all in one)
-
flavet August 4th, 2010 at 21:43
@Sanda – the LNK fix: KB2286198.
-
Thanks for the replies!
Based on what EP said about what happened to the Windows 2000 machine, I’m too paranoid just to try to apply the patch to my XP SP2 laptop. Sorry! (Plus, I’m not an expert, so if something bad happens, I’m hosed.) I guess I’ll just hold out to see if anyone else out there with more knowledge and courage and XP SP2 is able to do it or not.
Can anyone provide a layman’s explanation as to what this vulnerability can actually do in a practical sense? What is the scenario (or scenarios) in which this vulnerability could cause any problem? I can’t seem to find this anywhere. Real-world scenarios that would be relevant to me where this vulnerability would be a real threat. Know what I mean?
Is there really a threat if you’re just going to mainstream secure sites? (i.e. ordering stuff on Amazon.com, or ordering a free credit report, or things like that?)
Reinstalling XP from scratch (with SP3) would be pretty problematic for me, and even more time-consuming than just installing SP3 — and unfortunately, life’s not going to give me time to spend on that any time soon.
I am considering getting a new inexpensive laptop just for internet use, and not using my current XP SP2 laptop for internet use (except maybe in the ways described above: trusted secured sites, etc.).
Any thoughts on all that would be greatly appreciated. Thanks very much!
-
@Bill -
Unfortunately, it’s a big security hole, which you need to plug. Even secure sites may, some day, be subverted. Best bet is to install the Sophos tool. See my InfoWorld Tech Watch blog, http://www.infoworld.com/t/windows/microsofts-patch-windows-shortcut-flaw-has-limitations-822
-
@Bill
It is NOT necessary to do a reinstall of XP to go from SP2 to SP3, unlike what EP said above.
It is just cleaner WHENEVER you do a clean install, because of all the changes: (installs, upgrades, changes to the registry, etc.) that piled up over time. Even just reinstalling your current OS – whatever version it is – will make it run better.
MANY have successfully UPDATED from SP2 to SP3. Download “Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers” from Microsoft:
******************************
It is better to do so soon anyway, since Microsoft just ended free support for Windows XP SP2. As you can see how the updates don’t even support XP SP2 anymore.
******************************
To be honest, XP SP2 was itself such a major “update” and made so many changes that many experts consider it to be actually a new version of Windows or a major UPGRADE of Windows. Apple would have charged for something similar. Microsoft had to release something major because the next OS, Vista, was delayed so long.
Going from SP2 to SP3 is less dramatic.
******************************
I don’t know if you updated to XP SP2, or your OS came that way. If you updated, then going from SP2 to SP3 is easier than going to SP2. Expect to spend about 1-2 hours running the update, with some reboots involved – longer if you have slow hardware (low RAM, slow hard disk, slow CPU).
Not to mention the initial 300+ MB download of the service pack. I like to download the whole SP up front instead of letting Automatic Updates do it or using the “small” update (which can hang or wait for more downloads between installation steps, requiring more babysitting; also if you resisted SP3 this long, you need a little work to get Auto Updates to show SP3 again or go to Microsoft Update site).
******************************
Of course, you should follow the usual precautions of backing up your system, etc.
Also, do a little reading beforehand of issues & readme’s & release notes before you update. See the bottom of this page:
How to obtain the latest Windows XP service pack
http://support.microsoft.com/kb/322389
Good luck.
-
mericardo August 6th, 2010 at 23:01
After Security Update for MS Windows KB2286198 was installed on my 64 bit Windows 7 machine, which was previously running GREAT, my Outlook (Office 2007) refuses to start. I did a system restore to two days before the Update, removed all my Outlook add-ons, then re-applied the Update and my Outlook still would not start. If I restore to before the update my Outlook works fine but the KB2286198 breaks my Outlook, which is one of the most important apps I use. I write this to caution anyone interested. If anybody experienced this and has a work-around, I would appreciate it if you shared.
Thanks,
Marc
-
richard August 7th, 2010 at 02:23
just installed kb2286198 on my XP pro sp3 and I kept getting “third party problems re: kernel32.dll” whenever I try and close IE 7. Anyone know why or how to fix? I removed the update and everything works fine. What to do??
-
@Marc -
I haven’t heard of that problem, but I’ll keep my eyes open for it.