I'm getting a lot of emails about the recently discovered LNK exploit which makes nefarious use of the way Microsoft parses links and shortcut icons. Is it a big deal? Should you be worried? Should you just switch off your PC, unplug it and start using an abacus (or Mac? ... or Linux?)?
... breathe ... breathe ... oh, and DON'T PANIC!
First, some information as released by Microsoft.
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.
Here's a description of the vulnerability:
What causes this threat? When attempting to load the icon of a shortcut, the Windows Shell does not correctly validate specific parameters of the shortcut.
In other words, a design flaw.
This vulnerability is present in 32-bit and 64-bit flavors of Windows XP, Server 2003, Vista, Server 2008, Windows 7 (including beta Service Pack 1) and Server 2008 R2 (including beta Service Pack 1). As you'd expect, Mac and Linux are unaffected.
Microsoft is working on an update, but at present there's no timeline for when a patch will be released.
While attacks using this do seem to be sophisticated, they are at present very limited in nature. It looks like someone crafted this attack for a specific job. The good news from that is that this vulnerability isn't in wide circulation. So while it could be loaded onto a USB flash drive or CD, or even leveraged remotely via network shares and WebDAV, the chances of you being affected by this vulnerability are so close to zero as to be zero.
On top of that, by now most of the top antivirus providers will have updated their signature files in order to be able to detect and defend against this nasty.
Also, for those of you who might be ultra paranoid, Microsoft has published workarounds which range from stripping all icons away from shortcuts (something which I think will have a massive negative effect on productivity) to disabling WebDAV client services (check out the Workarounds section of Microsoft advisory KB228698). For 99.9% of users out there, this should be unnecessary (especially if you run up-to-date antivirus). You can also choose to block LNK and PIF files at your borders if you have a firewall that accepts rules, which will provide protection from remote attacks.
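As an added example (not from the original post, and not from Microsoft's advisory), the following Python reads the one shortcut field the Windows Shell consults when it draws the icon, the icon location string, and flags shortcuts whose icon would be fetched over a UNC path, i.e. from a network share or WebDAV server, which are the remote vectors described above. The field layout follows the published Shell Link (.lnk) format; the sample shortcuts and the server/share names in them are constructed for the demonstration, and a UNC icon source is a triage signal for review, not proof of a malicious file.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO, HAS_ICON, IS_UNICODE = 0x01, 0x02, 0x40, 0x80
# StringData fields appear in this fixed order, each present only if its LinkFlags bit is set
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (HAS_ICON, "icon_location")]

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file (header checked, ID list and LinkInfo skipped)."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Windows Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                     # IDListSize (2 bytes) + IDList of that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                   # LinkInfoSize counts the size field itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # character count, not byte count
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + count * width]
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        pos += 2 + count * width
    return fields

def icon_source_is_remote(fields: dict) -> bool:
    """True when the icon would be loaded over a UNC path (network share or WebDAV server)."""
    return fields.get("icon_location", "").startswith("\\\\")

def build_lnk(icon_location: str) -> bytes:
    """Construct a minimal test shortcut: header, a one-item ID list, and an icon location string."""
    flags = HAS_IDLIST | HAS_ICON | IS_UNICODE
    header = struct.pack("<I16sIIqqqIiIHHII", 0x4C, LNK_CLSID, flags, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    item = struct.pack("<H", 4) + b"\x00\x00"                       # dummy 4-byte shell item
    idlist = struct.pack("<H", len(item) + 2) + item + b"\x00\x00"  # items + 2-byte TerminalID
    return header + idlist + struct.pack("<H", len(icon_location)) + icon_location.encode("utf-16-le")

if __name__ == "__main__":
    # constructed samples: a local icon source and a UNC (share/WebDAV) icon source
    for sample in (r"%SystemRoot%\system32\shell32.dll", r"\\fileserver\share\icons.dll"):
        fields = parse_lnk(build_lnk(sample))
        print(f"{fields['icon_location']!r}: remote icon source = {icon_source_is_remote(fields)}")
```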
For those wanting to know more, WebSense has a technical analysis here.
So, should you be worried? No.
[UPDATE: So, should you be worried ... ? Well, a little. These attacks have spread over the past few days, but still remain relatively low. However, if you are concerned, or feel that your antivirus software doesn't offer protection, it is advisable that you disable WebDAV client services, just to be safe.]