|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
Understanding the LNK 0day “USB drive” security hole
Posted on July 21st, 2010 at 03:47 6 commentsIf you’re confused and concerned about all the talk of a USB-based security hole in Windows, there’s more and less to the matter than what you’ve probably heard.
I have an article on InfoWorld Tech Watch that tries to explain what’s happening. Basically, the problem has nothing to do with USB drives or whether AutoRun is enabled on a PC or not. It has everything to do with how Windows handles calls for showing the icons in a shortcut.
Right now there’s nothing you can do about it, but be of good cheer: there aren’t any exploits in the wild (far as anyone knows) except the original one, which targeted businesses with a Siemens SCADA industrial computer system. On the other hand, there’s a working “exploit” now available via Metsploit, so more cracks are undoubtedly on their way.
Stay tuned.
UPDATE: Oooops. I gave you a bad link, originally. There’s now a fix, described in this Tech Watch post.
6 responses to “Understanding the LNK 0day “USB drive” security hole”
-
Link error…
-
matt parker July 21st, 2010 at 08:22
woody-
the link doesn’t do to info world
it goes to a review website.matt parker
-
Shmuel July 21st, 2010 at 19:34
That’s not the right link.
-
flavet July 21st, 2010 at 23:29
What happened? Your link takes me to a site named ‘ars technica’.
-
Randall July 22nd, 2010 at 02:11
Woody – your link to the article goes to some other page on arstechnica.
Also, MS just released a FixIt for this, but might be risky to use it for a few days until real users actually try it out
-
Woody, take a look at this ZDNet article.
More on it at this ZDNet UK page.
at least one known malware seems to be taking advantage of the LNK 0day hole.
Leave a reply
-
Support AskWoody.com
Click on this list to get
Woody ’s books at Amazon.com
- Windows 7 All-In-One For Dummies
- Green Home Computing For Dummies
- Windows Vista All-In-One Desk Reference For Dummies
- Windows Vista Timesaving Techniques For Dummies
- Windows XP All-In-One Desk Reference For Dummies
- Windows XP Timesaving Techniques For Dummies
- Windows XP Hacks & Mods For Dummies
- Windows Home Server For Dummies
- Special Edition Using MS Office 2007
- Special Edition Using MS Office Home & Student 2007
- Special Edition Using MS Office 2003
- Office 2003 Timesaving Techniques For Dummies
- Special Edition Using MS Office 2003, Student-Teacher Edition)