The .lnk bug in Windows has now been patched - but what took Microsoft so long?
Microsoft has announced plans to launch an emergency patch for the .lnk vulnerability in the Windows shell, after initially indicating it would wait for the next Patch Tuesday release.
Despite categorising the flaw - which can cause unauthorised code to execute simply by browsing to a network share or storage device containing a maliciously-crafted .lnk or .pif shortcut file - as critical, Microsoft chose to wait until its next patch release cycle date owing to a lack of in-the-wild attacks against the flaw.
Sadly, that has changed: with several strains of malware now taking advantage of the un-patched vulnerability, Microsoft has decided to release a fix for download later today - outside its normal release schedule. Microsoft Security Response Centre spokesman Christopher Budd confirmed that the patch comes as "in the past few days, we've seen an increase in attempts to exploit the vulnerability."
While system administrators will be thankful that a fix will soon appear - although the headache of an out-of-band patch installation can't be discounted - many are wondering just what took Microsoft so long. While it was clear at the start that this was a serious security flaw, Microsoft's decision to delay the release of a patch for almost a full month has left its customers at risk of attack - and, according to InformationWeek, directly contributed to the spread of the Sality worm.
Are you just pleased to see that a fix is now available for what is clearly a major security flaw in the Windows shell, or disappointed that it has taken Microsoft this long to provide a proper fix for the issue? Share your thoughts over in the forums.
13 Comments
It's unusual because releasing an out-of-cycle patch means the exploit is pretty severe and you wouldn't want to have to admit that, would you?
unlike Apple, they need to release a whole new OS version with "better features" that are mostly patches
and worst of it all... Apple makes you pay for those :P
EDIT: not talking about the iPhone btw :P
Come on, stop the Apple bashing, this is about a problem with Windows!
Available at 7pm tonight? Just go ahead and d/l the damned thing already!
I enjoyed the Apple bashing :) made my day lol but for serious flaws like this M$ should have pushed the patch out ASAP for sys admins to test and shortly after to the clients. Waiting an entire month gave way too much time to crackers to develop malware to take advantage of said flaw. Issues like this should be publicised by M$ to the client and have crit pop-ups occur advising user of issue and to install update to fix. (BUT NOT take focus away from full screen apps, that just pissed me off)
I truly worry about Apple owners when crackers decide to start hitting them as they already are, especially the iPhone and iPad.
windows user.. what a newbie.. I've had my account ridden like a dog in heat and don't even break a sweat anymore
Perfectly stated, I tested a lot for Trackmania (the game by NADEO) and one problem they had a lot was when they fixed one thing it introduced another problem (they were trying to keep old versions intact and add new features)... the larger the code the more complicated it gets and "knock on effects" from fixes become apparent.
Good on them for doing things properly rather than rushing things out for moaners.