CVE-2010-2568
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Analysis
Windows Shell improperly handles .LNK shortcut files during icon display, allowing local or remote attackers to execute arbitrary code. This vulnerability was famously exploited by the Stuxnet worm to propagate via USB drives in 2010.
Technical Context
Windows Explorer automatically parses .LNK files to display their icons. The vulnerability lies in how the shell processes specially crafted Control Panel shortcut references, causing Windows to load and execute a malicious DLL when merely displaying the shortcut's icon in Explorer.
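The following Python triage check is an added example, not part of the original advisory or of any vendor tooling. It walks the LinkTargetIDList of a .LNK file and reports whether any item references the Control Panel namespace, the kind of reference described above. The function names and the sample builder are assumptions made for illustration, and a match is only a triage signal, because legitimate Control Panel shortcuts match as well.

```python
import struct
import uuid

# Well-known CLSIDs, stored on disk in little-endian GUID byte order.
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
CONTROL_PANEL = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le
HAS_LINK_TARGET_IDLIST = 0x1  # LinkFlags bit 0

def parse_idlist(data):
    """Return the ItemID payloads of a .LNK file's LinkTargetIDList."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad header size")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    (flags,) = struct.unpack_from("<I", data, 20)
    if not flags & HAS_LINK_TARGET_IDLIST:
        return []
    if len(data) < 78:
        raise ValueError("truncated IDList size")
    (idlist_size,) = struct.unpack_from("<H", data, 76)
    end = 78 + idlist_size
    if end > len(data):
        raise ValueError("IDList runs past end of file")
    items, pos = [], 78
    while pos + 2 <= end:
        (size,) = struct.unpack_from("<H", data, pos)
        if size == 0:  # TerminalID closes the list
            return items
        if size < 2 or pos + size > end:
            raise ValueError("malformed ItemID")
        items.append(data[pos + 2:pos + size])
        pos += size
    raise ValueError("IDList missing terminator")

def references_control_panel(data):
    """Heuristic: True if any ItemID embeds the Control Panel CLSID."""
    return any(CONTROL_PANEL in item for item in parse_idlist(data))

def build_sample(items):
    """Constructed test input (hypothetical helper): bare header plus IDList."""
    header = struct.pack("<I", 0x4C) + LINK_CLSID
    header += struct.pack("<I", HAS_LINK_TARGET_IDLIST)
    header = header.ljust(76, b"\x00")
    body = b"".join(struct.pack("<H", len(i) + 2) + i for i in items)
    body += b"\x00\x00"
    return header + struct.pack("<H", len(body)) + body
```

Malformed or truncated files raise `ValueError` rather than returning a verdict, so a scanner built on this can quarantine unparseable shortcuts separately from clean ones.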
Affected Products
Microsoft Windows XP SP3
Microsoft Windows Server 2003 SP2
Microsoft Windows Vista SP1/SP2
Microsoft Windows Server 2008 SP2 and R2
Microsoft Windows 7
Remediation
Apply Microsoft security update MS10-046. Disable the display of shortcut icons via Group Policy as a workaround. Implement USB device control policies.