• Understanding the LNK 0day “USB drive” security hole

    Posted on July 21, 2010 at 03:47 CDT by Comment in the Forums

    If you’re confused and concerned about all the talk of a USB-based security hole in Windows, there’s more and less to the matter than what you’ve probably heard.

    I have an article on InfoWorld Tech Watch that tries to explain what’s happening. Basically, the problem has nothing to do with USB drives or whether AutoRun is enabled on a PC or not. It has everything to do with how Windows handles calls for showing the icons in a shortcut.

    Right now there’s nothing you can do about it, but be of good cheer: there aren’t any exploits in the wild (far as anyone knows) except the original one, which targeted businesses with a Siemens SCADA industrial computer system. On the other hand, there’s a working “exploit” now available via Metsploit, so more cracks are undoubtedly on their way.

    Stay tuned.

    UPDATE: Oooops. I gave you a bad link, originally. There’s now a fix, described in this Tech Watch post.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.