Microsoft Issues Patch for .LNK Flaw

As I noted last Friday, Microsoft had announced that it would release an out-of-schedule patch today for the security vulnerability associated with Windows “shortcuts” (these files have a .LNK extension).  The patch has now been released; details are in Microsoft Security Bulletin MS10-046, which also has download links for the stand-alone patch installation files.  The update should also be available via the Microsoft Update service.

This vulnerability affects all supported versions of Windows, and is rated Critical for all of them; it is being actively exploited at present.   I recommend you install this update as soon as you can.

Update, Monday, 2 August, 21:00 EDT

Brian Krebs at Krebs on Security has posted an article about this update, which contains some more implementation information; he describes some minor problems with installation of the patch on a 64-bit version of Windows 7.

2 Responses to Microsoft Issues Patch for .LNK Flaw

  1. […] month’s Security Bulletin Summary.   One of these, MS10-046, is the same patch that was released out-of-band on August 2.  The remaining 14 bulletins are new, and collectively address 31 separate  vulnerabilities.   […]

  2. […] although it has aspects in common with the LNK vulnerability we saw earlier this summer, which Microsoft patched at the beginning of August.   It is a result of the way a basic mechanism of Windows works, so it […]

%d bloggers like this: