Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Fix it Released for Security Advisory 2286198

20 Jul 2010   #1

Windows 7 & Windows Vista Ultimate
 
 
Fix it Released for Security Advisory 2286198

Microsoft updated Microsoft Security Advisory 2286198 to provide an automated "Fix It" solution to implement the workaround provided in the original Security Advisory release.

The Fix it disables .LNK and .PIF file functionality automatically on a computer that is running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server R2.

Complete details about the Fix it solution to both enable the workaround and disable it after a security update has been released are available in Microsoft KB 2286198.



Enable Workaround


Fix this problem
Microsoft Fix it 50486

NOTE: Applying the Fix it will require a restart of the machine.

After a security update is released for this vulnerability, you can undo the changes made by the Fix it solution by using Microsoft Fix it 50487:

Disable workaround

Fix this problem
Microsoft Fix it 50487


References:


My System SpecsSystem Spec
.

21 Jul 2010   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Thanx for the heads up
My System SpecsSystem Spec
21 Jul 2010   #3

Windows 7 x64 / Same
 
 

So after running this fix, you can't use shortcuts? No thanks.
My System SpecsSystem Spec
.


21 Jul 2010   #4

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

This is like killing the baby because he messed his diaper. How would one start a program...by going to the .exe in it's directory?
My System SpecsSystem Spec
21 Jul 2010   #5

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

No it will just Disable the displaying of icons for shortcuts

Quote:
An attacker could present a removable drive to the user with a malicious shortcut file, and an associated malicious binary. When the user opens this drive in Windows Explorer, or any other application that parses the icon of the shortcut, the malicious binary will execute code of the attacker’s choice on the victim system. An attacker could also set up a malicious Web site or a remote network share and place the malicious components on this remote location. When the user browses the Web site using a Web browser such as Internet Explorer or a file manager such as Windows Explorer, Windows will attempt to load the icon of the shortcut file, and the malicious binary will be invoked. In addition, an attacker could embed an exploit in a document that supports embedded shortcuts or a hosted browser control (such as but not limited to Microsoft Office documents).
Quote:
Impact of workaround. Disabling icons from being displayed for shortcuts prevents the issue from being exploited on affected systems. When this workaround is implemented, the system may display most icons as a "white" default object icon, which does impact usability. We recommend that system administrators test this workaround thoroughly prior to deployment. When the workaround is undone, all icons will reappear.
Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution
My System SpecsSystem Spec
21 Jul 2010   #6

Windows 7 x64 / Same
 
 

Captain, where have you been? I haven't seen you around lately. Either case, good to see you.
My System SpecsSystem Spec
21 Jul 2010   #7

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Quote   Quote: Originally Posted by Win7User512 View Post
Captain, where have you been? I haven't seen you around lately. Either case, good to see you.
Been a little busy lately ! Used to hop in when I'm free. Good to see you as well my friend.
My System SpecsSystem Spec
21 Jul 2010   #8

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote:
When this workaround is implemented, the system may display most icons as a "white" default object icon, which does impact usability.
It would have a very big impact on me, because I'm very visually oriented. I would prefer to risk having to reinstall everything, rather than install this.
My System SpecsSystem Spec
22 Jul 2010   #9

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Might be better to patch it. According to this article, MS may have a devil of a time fixing it.

Time will tell...

Windows Shortcut Bug May Be Hard to Patch

Windows Shortcut Bug May Be Hard to Patch - PCWorld

Quote:
Microsoft may have a tough time fixing the Windows shortcut vulnerability, a security researcher said today.
A noted vulnerability expert, however, disagreed, and said Microsoft could deliver a patch within two weeks.
"The way Windows' shortcuts are designed is flawed, and I think they will have a very hard time patching this," said Roel Schouwenberg, an antivirus researcher with Moscow-based Kaspersky Lab.
Schouwenberg based his prediction that a patch may prove elusive on the fact that Microsoft has never faced a security issue with shortcuts, and thus has no security processes in place that it can quickly tweak.
Quote:
"This may take them awhile to patch," said Schouwenberg. "But the wider-scale use of this is imminent."
My System SpecsSystem Spec
23 Jul 2010   #10

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

My System SpecsSystem Spec
Closed Thread

 Fix it Released for Security Advisory 2286198




Thread Tools



Similar help and support threads for2: Fix it Released for Security Advisory 2286198
Thread Forum
Fix it Released for Security Advisory 2286198 System Security
Security Advisory 2286198 Released Windows Updates & Activation
Microsoft Security Advisory (2286198) News
Security Advisory 983438 Released News
Security Advisory 981374 Released News
Security Advisory 981169 Released News
Security Advisory 979682 Released News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:30 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33