This one isn’t good. In fact, it’s downright scary. This exploits a vulnerability in Windows’ handling of LNK files. It affects ALL versions of Windows; at least all currently supported versions. There is no mention of unsupported versions, but assume they are affected as well. It is already being exploited by the Stuxnet rootkit and most likely will be by many more nasty things very, very soon. Microsoft’s solution in Security Advisory 2286198 is to disable AutoRun completely, disable the display of icons for programs, and disable the WebClient service. That means disabling WebDAV and pretty much disabling icons for program links. It currently has an extremely high level of impact due to the simple nature of the exploit. It is advised that antivirus be updated immediately (as in yesterday) and that firewall inspection signatures be kept up to date to mitigate this.

US-CERT Vulnerability Note VU#940193

F-Secure Notice & Info

Discovered by VirusBlockAda on June 17

CVE-ID CVE-2010-2568

NVD-ID CVE-2010-2568

Article in The Register
