Workaround for the shortcut loading vulnerability on Win2k?

Discussion in 'other security issues & news' started by Gullible Jones, Mar 8, 2011.

Thread Status:
Not open for further replies.
  1. Specifically this vulnerability:

    I'm trying to give away an old Pentium II era computer, and Win2k SP4 is the only Windows version that'll run properly on it. I figure someone could put it to good use for document processing or something. But I want it to be secure enough that you can stick in a USB stick without the possibility of instant infection.

    The autorun.inf thing I can deal with. Problem is, the shortcut vulnerability is unpatched and unpatchable in Windows 2000. There is a registry hack to deal with it, but that just makes shortcut icons not load, which compromises the user's experience rather badly.

    So I came up with another possibility... Use a third-party file manager. The most likely install vector for malware using this vulnerability would be Explorer, not the taskbar; I figure that, if the third party FM doesn't use too many Explorer DLLs, it won't have the vulnerability, and can be used with reasonable safety.

    The big question is... How likely is it that alternative file managers will use the vulnerable Explorer DLLs (I think the main one is Shell32.dll)? Is there any way I can test for the vulnerability in a given file manager?
  2. Rmus

    Rmus Exploit Analyst

    Mar 16, 2005
    I think there are just too many variables to try to "out-think" exploits as you are attempting to do.

    When I finally retire my Win2K system, I'll junk it. I wouldn't chance giving it to someone who doesn't have security in place to run a non-supported, unpatched system.

  3. CloneRanger

    CloneRanger Registered Member

    Jan 4, 2006

    You could still use it with HMP ;) as it protects against that vulnerability :thumb:



    PS - To those that might wonder, i know my version isn't the latest :p
  4. Oh... Didn't realize Hitman Pro could patch it on Win2k. Thanks.

    (I ended up putting Zenwalk Linux on it. It's... Not very fast, but it's usable.)
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.