Protection against LNK vulnerability (kb 2286198)


Short description

Microsoft released a security advisory in which it warns of a new serious vulnerability in Windows. The vulnerability can be exploited to execute arbitrary programs on your computer, including viruses. The following operating systems contain the vulnerability: Microsoft Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008.

Is my computer at risk?

Any PC running the Microsoft Windows operating system is at risk, because at this moment the vulnerability is actively exploited on the Internet by cyber criminals. The vulnerability can be exploited when you use Windows Explorer to open a folder containing a malicious shortcut. It can also be used to infect computers with a virus from a CD-ROM or USB stick when you open them with Windows Explorer.

What could happen?

By abusing the vulnerability, an attacker can gain control over your computer. It is possible that:

  • (personal) information such as passwords or credit card information is stolen.
  • essential computer files are deleted, making the computer inoperable.
  • your computer is used for targeted attacks on other computers on the Internet, without notice or your consent.
  • your computer is used for sending spam, without notice or your consent.
  • sound or images (your webcam) are recorded without you noticing. You, your family and your property can be monitored by someone else on the Internet.

How can I prevent this?

Microsoft has not released a definitive solution for this vulnerability. Because we have seen widespread exploits using this vulnerability, we have developed protection against it.
This protection is available in Hitman Pro 3.5.6 build 108 and is offered automatically. The protection prevents the automatic execution of malicious code when displaying icons. It is invisible and protects your computer not only against malicious shortcuts on network locations and removable drives, but also against malicious shortcuts on local drives (such as on your desktop, in document folders, in the internet cache or in other locations on your local hard drive).

Are there any side effects?

Microsoft and a few security vendors have also released a temporary fix for the vulnerability. But the protection against this vulnerability offered by Hitman Pro is different and has no side effects. An overview:

Description | Microsoft | Fix from vendor A | Fix from vendor B | Hitman Pro (build 108)
Protection against malicious shortcuts on network locations and removable stations
Protection against malicious shortcuts on local stations
Protection against malicious PIF files
Retention of the graphical representation of icons on shortcuts to programs
Retention of the graphical representation of icons on shortcuts to classes (such as network connections)
Replacement of icon on shortcuts that may abuse the vulnerability
Support for Windows 2000

Where can I get Hitman Pro?

You can download a free copy of Hitman Pro using this link. A recommendation about enabling the protection against the LNK vulnerability appears automatically when you run Hitman Pro.

Click on Enable LNK protection to enable the protection immediately.

Hitman Pro is an on-demand anti-malware scanner and can remove any existing malware on your computer. To remove existing threats you can deploy the free 30-day license. You do not need a license to protect your computer against the LNK vulnerability.

How can I disable the protection against the LNK vulnerability?

Once Microsoft releases a permanent solution to the problem, Hitman Pro will automatically disable the temporary protection.
You can also disable the protection manually on the Settings panel in Hitman Pro. Just uncheck the appropriate checkbox.

More information

Published: July 30, 2010.
