Microsoft's patch for Windows shortcut flaw has limitations

Most Windows users installed the zero-day LNK file patch without incident, but not all were so fortunate -- and Windows XP SP2 and Windows 2000 users are out of luck

As anticipated, Microsoft this week released its out-of-band patch for the zero-day LNK (and PIF) file security hole that afflicts every modern version of Windows -- that is, Windows XP SP3 systems or later.

Most systems patched without a hitch, but several Windows customers are howling in pain.

If you're stuck with the thankless job of vetting Microsoft patches before releasing them to the unwashed masses -- or, even more frustrating, if you pick up the pieces after a patch has gone awry -- there are a few details about the MS10-046/KB 2286198 patch that deserve your attention.

Most importantly, the patch is completely incompatible with earlier versions of ESET NOD32 Antivirus and ESET Smart Security. I've seen reports of systems that refused to install the patch, other reports of hangs in the middle of installation, systems that suffer sporadic and ill-defined problems after the patch goes in and, most harrowing, systems that freeze on reboot or jump joyfully into Blue Screen bliss. ESET acknowledges the problems on its Customer Care site and recommends that you download signature file version 5338 or later, but it doesn't offer a step-by-step solution.

The most thorough explanation I've found, with detailed workarounds, appears on the Wilders Security Forums.

As I explained in my Tech Watch post earlier this week, Microsoft faced a support dilemma when deciding whether to extend this patch to Windows XP Service Pack 2 and Windows 2000, both of which fell from support grace just a month ago. At first, Microsoft's choice wasn't clear at all: Microsoft's download site for the Windows XP patch originally said that the patch was available for both Windows XP Service Pack 2 and Service Pack 3. Shortly after the site went live, during Microsoft's Out-of-Band Security Release Webcast, the inclusion of SP2 was deemed a "typo" and reference to SP2 was removed from the site.

It now appears as if MS10-046/KB2286198 will not install directly on Windows XP SP2 systems, or on Windows 2000 systems. Those who are daring (read: foolish) enough to try will find that their PCs suffer from all sorts of random problems.

If you ran Microsoft's emergency Fixit tool, which turns all of your system icons into pictures of blank sheets of paper, you need to run the "Disable workaround Fixit" option available on Microsoft's KB page. Oddly, Microsoft recommends that you run the "Disable workaround Fixit" program before applying MS10-046/KB2286198, but the instructions on that page say the program's still there so you can run it after you install the patch.

I haven't heard of any problems running the "Disable workaround Fixit" before or after applying the patch.

Those of you who installed the free Sophos Windows Shortcut Exploit Protection Tool should remove it before installing the Microsoft patch. You can remove it via the usual Windows Add or Remove Programs routine.

Several people have asked me how they can protect their Windows XP Service Pack 2 systems. After all, this LNK/PIF zero-day hole threatens to expose every Windows XP SP2 system in the world to all sorts of mayhem. Microsoft, in its finite wisdom, has decided that it won't protect SP2 systems. If you can't or won't install SP3, what should you do?

My best advice at this point -- barring divine revelation on the Redmond campus -- is to install the Sophos Windows Shortcut Exploit Protection Tool. It's simple. It works (at least, I haven't heard of any problems). And it's the only game in town for XP SP2.

For those of you using Windows 2000, congratulations. The Sophos product doesn't work with Windows 2000. Your PC just turned into a virus magnet.

This article, "Microsoft's patch for Windows shortcut flaw has limitations," was originally published at InfoWorld.com.