Randy Abrams

What is it?
LNK/Exploit.CVE-2010-2568 is one of the names for the generic detection of a malicious .lnk file that attempts to exploit a Windows vulnerability. Microsoft released a patch, and there are mitigation techniques that are effective, but ugly. The result of those mitigations is that many shortcuts no longer display their icons, including Start menu and Quick Launch icons.


How does it work?
Even though this vulnerability is patched, attempts to exploit it are going to be included in many bots and other malware families as an attempted infection vector. The vulnerability allows code to be executed simply by viewing the icon of a specially crafted .lnk file. On an unpatched system, this means that even with autorun disabled, you can put a USB drive in your computer and get infected just by viewing the contents of the device in Windows Explorer or any other file manager that displays icons. Listing the directory in a command window is safe.

How can I prevent it?
Install the patch provided on Aug. 2.