Main Menu

Well, we all knew this was bound to happen.  XP-SP2 reached its formal "end-of-life" on July 13, 2010 and then there is a critical vulnerability attached to all versions of Microsoft's Operating Systems.

This vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

Microsoft published patches to the Shell32 and it is now available for deployment.

Additional information can be found here:

So, what can a company do, that is still running XP-SP2?

The "easy" answer is upgrade to a supported version of the Operating System, preferably Windows 7.

But in the mean time, manual changes can be made to the registry to protect the endpoint.

A person can run regedit and change the following keys:

"HKEY_CLASSES_ROOT\lnk\file\shellex\IconHandler" Default = "{00021401-0000-0000-C000-000000000046}"

to

"HKEY_CLASSES_ROOT\lnk\file\shellex\IconHandler" "Default"=""

and

"HKEY_CLASSES_ROOT\pif\file\shellex\IconHandler" "Defualt" = "{00021401-0000-0000-C000-000000000046}"

to

"HKEY_CLASSES_ROOT\pif\file\shellex\IconHandler" "Default"=""

Again, your best bet is to move forward to a a supported version of the Operating System.

This type of problem will happen again and again.

In related news, Microsoft stated to patch the client first, then the servers.

See the Network World Article

If you are looking for additional Windows 7 information, click here.