Workaround for the shortcut loading vulnerability on Win2k?

Specifically this vulnerability: http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx

I'm trying to give away an old Pentium II era computer, and Win2k SP4 is the only Windows version that'll run properly on it. I figure someone could put it to good use for document processing or something. But I want it to be secure enough that you can stick in a USB stick without the possibility of instant infection.

The autorun.inf thing I can deal with. Problem is, the shortcut vulnerability is unpatched and unpatchable in Windows 2000. There is a registry hack to deal with it, but that just makes shortcut icons not load, which compromises the user's experience rather badly.

So I came up with another possibility... Use a third-party file manager. The most likely install vector for malware using this vulnerability would be Explorer, not the taskbar; I figure that, if the third party FM doesn't use too many Explorer DLLs, it won't have the vulnerability, and can be used with reasonable safety.

The big question is... How likely is it that alternative file managers will use the vulnerable Explorer DLLs (I think the main one is Shell32.dll)? Is there any way I can test for the vulnerability in a given file manager?

 

I think there are just too many variables to try to "out-think" exploits as you are attempting to do.

When I finally retire my Win2K system, I'll junk it. I wouldn't chance giving it to someone who doesn't have security in place to run a non-supported, unpatched system.


----
rich

 

Hi,

You could still use it with HMP as it protects against that vulnerability





http://www.surfright.nl/en/hitmanpro

PS - To those that might wonder, i know my version isn't the latest

 

Oh... Didn't realize Hitman Pro could patch it on Win2k. Thanks.

(I ended up putting Zenwalk Linux on it. It's... Not very fast, but it's usable.)