Use Microsoft Fix it to disable .LNK and .PIF File Functionality exploited by Stuxnet Rootkit

by Venkat eswarlu on July 21, 2010

in security

MicrosoftFixittodisable.LNKshortcutexploitedbyStuxnetRootkit thumb Use Microsoft Fix it to disable .LNK and .PIF File Functionality exploited by Stuxnet Rootkit

As we covered workaround to block .LNK  shortcut vulnerability in Windows Shell exploited by Stuxnet Rootkit which has been released by Microsoft in their security advisory 2286198,good news is Microsoft offers Fix it for workaround to enable or disable .LNK Shortcut and PIF shortcut functionality.

So you need not require to manually disabling .LNK Shortcut as Microsoft Fix it does it for you.Due to applying Microsoft Fix it or workaround you may no longer  see graphical representation of icons .

You can implement this workaround that disables .LNK Shortcut and .PIF file  functionality automatically on a Computer  running on Windows XP/Server 2003/Vista/Server 2008/Server  R2.

For Microsoft Fix it to disable .LNK and .PIF file functionality click this link, if you want to disable workaround offered by Fix it click this link   .You need to use the first link.

You need to restart your Computer after using this workaround to take affect on your Computer.

Microsoft Security Advisory 2286198

SHARE

Related Posts:

{ 3 comments… read them below or add one }

meh July 29, 2010 at 8:33 pm

“disabling .LNK Shortcut” fix is its own barrel of diseased monkeys

users are not going to be thrilled at having zero graphical difference between shortcuts.

hardcoding anyone?

Reply

Venkat July 29, 2010 at 9:05 pm

@Meh
Sophos released Windows Shortcut Exploit Protection Tool which not only detects and block shortcut exploits but also don’t disable the shortcuts like happens with use of Microsoft Workaround and Fix it tool.
Check this link
http://techdows.com/2010/07/download-sophos-windows-shortcut-exploit-protection-tool.html

Reply

meh July 29, 2010 at 9:49 pm

@Venkat

Perhaps you missed the offhanded comment by sophos that their tool *only* monitors not-fixed discs.

In a situation where something is downloades from the interwebs by a user to a fixed disc seems not to be addressed — at least based on the description of the tool by sophos team

Reply

Leave a Comment

{ 2 trackbacks }

Previous post:

Next post: