MS security issue KB2286198 updated with workaround

I know that “News / Announcements / Feedback - CIS” is a common area of the forum that people visit, but it appears to be used to post unrelated stuff very frequently.

Anyway, thanks for the update on this interesting vulnerability.

The fix disables all icons. No thanks, I’ll take my chances until a patch comes out.

Sure! that was one pathetic “workaround” …softly speaking …Oh My! :smiley:

Since when are workaround supposed to be elegant? ??? 88) :o Elegance should be sought in the upcoming fix… or women… :wink: :smiley:

From what I understand, only new icons will not display. Existing icons will still display properly.

New information:
Unpatched shortcut vuln exploited by mainstream malware • The Register

If you scroll down and read this microsoft says all icons will change.

I am getting this inormation from the Win7 Forum, where it has been tested.
There is a thread there discussing this.

See here,
Those concerned, until MS does something right and more permanent.

https://forums.comodo.com/other-security-products/protection-against-lnk-vulnerability-kb-2286198-t59788.0.html;msg419681#msg419681

Bad

this is one huge vulnerability i dont mind the little ones but this is HUGE

There’s an out-of-band patch scheduled for Monday to fix this issue.

How would I know if ever I’m affected by it?

not as huge as the font you’ve used

You a are still using pathetic WinDos (why!!!), which has 17 years old much more dangerous flaws than this one … So ???

Regards

If the related services are not intercepted, and if the firewall/defense+ do not intercept the following communications, nothing but sometimes a unusual behavior (slow computer…) is able to show if one is affected by a “modern” malware, knowing how to hide itself.

Only third-party expert tools could in these conditions show it.

Speaking of this particular malware, it is said to be made to leak your personnal data, and aimed to do so rather in the corporate world as a spying mean.

Hi brucine ,
That’s not necessarily clear to whom you are replying.
As for 3rd party expert tools ??? I was always saying - that is the only way to fight malware (was & always will be) Those who are relying on Comodo or any other AV/security having in mind perfect detection / prevention/ or such a joke as “acid cleaning” by any given security / etc. are simply kidding themselves or having “Lucy in the sky with diamonds” (LSD) episodes :smiley:

I hope we are at the same page … but … who knows? - I could’ve got you message incorrectly
Cheers! ;D

You missed to note that this question:

How would I know if ever I'm affected by it?

was not answered.

I only tried to make some “guidance” to its author.

I am somewhat more moderate then you are about “ready to use” security software and suites.
You probably observed my repetitive irritation when answering to also repetitive"Comodo is the best" comments.
Now, “building” a reasonable level of security for Mr. Smith is one thing while of course speaking about “total security” is another story.
Even assuming it is not a theoric talk (and why not, i like the idea), it gets biased by many things, amongst which the most evident ones are the “in vitro” nature of the bypassing tests and the behavior of the user, including not only the os and hardware specifications, but also the inconsiderate use of some softwares and connexions.

Said shortly, using some of these suites (and why not Comodo, i am using myself cis v3 without the av) is of course not a total security for anyone, but still a valueable defense for Mr Smith if he does not spend most of his connexion playing with online games, p2p, porns and cracks: a the day speaking, the first defense remains the user himself.

As far as i am concerned, and most often using only a firewall, i never had whatever problem excepting 2 or 3 times in 20 years when downloading software on the “dark side” (not totally true, i also had once a malware not doing anything “wrong” in an internet cafe).
In nearly each of these instances, manual cleaning of the files and registry was enough, not even using security software or “third-party” tools.

But true enough, the “new” threats (rogues, rootkits…) lead one to also use a HIPS… and when still infected, it remains statistically unsignificant, the said “third-party” tools and also, don’t be confident to anyone or anything, permanents means of external native format backup and booting devices.

And most people are confident, maybe due to the propaganda “X is the best” to one of these security softwares to a point where they never build such means before the sh… hits the fan…

Windows update has a patch for this issue…

yup patch is out, please run windows update to get patched up. http://windowsupdate.microsoft.com