As I explained in my Tech Watch post earlier this week, Microsoft faced a support dilemma when deciding whether to extend this patch to Windows XP Service Pack 2 and Windows 2000, both of which fell from support grace just a month ago. At first, Microsoft's choice wasn't clear at all: its download site for the Windows XP patch originally said that the patch was available for both Windows XP Service Pack 2 and Service Pack 3. Shortly after the site went live, during Microsoft's Out-of-Band Security Release Webcast, the inclusion of SP2 was deemed a "typo" and the reference to SP2 was removed from the site.
It now appears as if MS10-046/KB2286198 will not install directly on Windows XP SP2 systems, or on Windows 2000 systems. Those who are daring (read: foolish) enough to try will find that their PCs suffer from all sorts of random problems.
If you ran Microsoft's emergency Fixit tool, which turns all of your system icons into pictures of blank sheets of paper, you need to run the "Disable workaround Fixit" option available on Microsoft's KB page. Oddly, Microsoft recommends that you run the "Disable workaround Fixit" program before applying MS10-046/KB2286198, but the instructions on that page say the program's still there so you can run it after you install the patch.
I haven't heard of any problems running the "Disable workaround Fixit" before or after applying the patch.
Those of you who installed the free Sophos Windows Shortcut Exploit Protection Tool should remove it before installing the Microsoft patch. You can remove it via the usual Windows Add or Remove Programs routine.
Several people have asked me how they can protect their Windows XP Service Pack 2 systems. After all, this LNK/PIF zero-day hole threatens to expose every Windows XP SP2 system in the world to all sorts of mayhem. Microsoft, in its finite wisdom, has decided that it won't protect SP2 systems. If you can't or won't install SP3, what should you do?
My best advice at this point -- barring divine revelation on the Redmond campus -- is to install the Sophos Windows Shortcut Exploit Protection Tool. It's simple. It works (at least, I haven't heard of any problems). And it's the only game in town for XP SP2.
For those of you using Windows 2000, congratulations. The Sophos product doesn't work with Windows 2000. Your PC just turned into a virus magnet.
This article, "Microsoft's patch for Windows shortcut flaw has limitations," was originally published at InfoWorld.com.