Reference: http://support.microsoft.com/kb/2286198

To implement the workaround that disables .LNK and .PIF file functionality automatically on a computer that is running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server R2.

Enable workaround Fix It

If want to undo the workaround, click on disable workaround Fix It

Or you can apply yourself by doing some changes on registry.

Enable Changes:

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then select the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler

3. Click the File menu and then click Export.

4. In the Export Registry File dialog box, type LNK_Icon_Backup.reg and then click Save.

Note This will create a backup of this registry key in the My Documents folder by default .

5. Select the value (Default) on the right pane in the Registy Editor. Press ENTER to edit the value of the key. Delete the value, so that the value is blank, and press ENTER.

6. Locate and then select the following registry key:
HKEY_CLASSES_ROOT\piffile\shellex\IconHandler

7. Click the File menu and then click Export.

8. In the Export Registry File dialog box, type PIF_Icon_Backup.reg and then click Save.

Note This will create a backup of this registry key in the My Documents folder by default

9. Select the value (Default) on the right pane in the Registy Editor. Press ENTER to edit the value of the key. Delete the value, so that the value is blank, and press ENTER.

Disable Changes:

How to undo the interactive method

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. On the File menu, click Import.

3. In the Import Registry File dialog box, select LNK_Icon_Backup.reg, and then click Open.

4. On the File menu, click Import.

5. In the Import Registry File dialog box, select PIF_Icon_Backup.reg, and then click Open.

6. Exit Registry Editor, and then restart the computer.

How to manually reset the Registry key values to the default values

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler

3. Reset the registry key value to:
{00021401-0000-0000-C000-000000000046}

4. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\piffile\shellex\IconHandler

5. Reset the registry key value to:
{00021401-0000-0000-C000-000000000046}

6. Restart the computer

View full post on Web Security Weblog

• Microsoft EMETv2 released, (Thu, Sep 2nd)
  Today, Microsoft released a new version of their Enhanced Mitigation Experience Toolkit. A rather unwieldy name, but quite interesting technology - with EMET, legacy applications on OS versions as far...
• Microsoft releases work-around tool for DLL loading vulnerability
  Microsoft has posted an advisory that explains the "DLL preloading attacks" and offers a work-around tool that “allows customers to disable the loading of libraries from remote network or WebDAV share...
• Microsoft Confirms DLL Issue, Releases Workaround
  In response to new developments in the old vulnerability of insecure DLL loading Microsoft has released an advisory describing the problem, actions that may be taken by users, administrators and devel...
• Undo the Microsoft Workaround After You Patch
  Make sure to apply the update that Microsoft released today for a critical vulnerability in the handling of shortcuts, but there's something else you might need to do. Two weeks ago, shortly...
• SophosLabs Released Free Tool to Validate Microsoft Shortcut, (Mon, Jul 26th)
  SophosLabs has just released a free tool that provides detection against the Windows shortcut exploit that we published last week here and here. Sophos has indicated it works with any antivirus softwa...
• A few facts about Win32/Stuxnet & CVE-2010-2568
  We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is impor...
• New beta of Microsoft Security Essentials released with network protection
  Microsoft has today both announced and released a beta version of its free Security Essentials anti-malware software. The new version of the lightweight anti-virus, anti-spyware so...
• Microsoft offers work-around to Windows XP flaw
  Microsoft has offered a work-around to Windows XP users affected after a flaw in the operating system was exploited. View full post on Network World on Security...
• Microsoft Adds Simplified Workaround For XP Help Bug
  Following up on the advisory they released yesterday, Microsoft has created "Fix it" links to implement their documented workarounds for an unpatched vulnerability in Windows XP's help system...
• Microsoft Released Early Notice for May Patch Tuesday
  Coming May 11, Tuesday, Microsoft will be releasing its monthly patch updates, and last Thursday, the company released an advance notification in its Microsoft TechNet site for the updates. Note that...