According to the arguments presented by Handler Lenny when the Infocon level was increased, we believe that the purpose of increasing the awareness on this vulnerability has been fulfilled, so we are falling back to green level. This does not imply that the threat is over.

If we see a major attack arise using this vulnerability, we will let you know and if it is bad enough we will raise infocon again.

Update: There is an interesting article from Didier Stevens about how to mitigate LNK exploitation with software restriction policies. Read it at http://blog.didierstevens.com/2010/07/20/mitigating-lnk-exploitation-with-srp/.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org