Microsoft releases patch to address Windows shortcut exploit

Today, Microsoft released an out-of-band patch for the Windows .lnk extension exploit that was announced several weeks ago. The exploit can allow unauthorized users to execute arbitrary code if an “icon of a specially crafted shortcut is displayed.” Microsoft said: “An attacker could disseminate a USB or other removable drive with a malicious shortcut file on it and when the target victim opens the drive in Windows Explorer or any other application that parses the icon of the shortcut, the malicious code would execute on the victim’s computer. An attacker could also embed malware in a malicious Web site, a remote network share, or in a Microsoft Word document.” Lately, the .lnk exploit, which is actually a vulnerability found in the Windows Shell, has been spreading via the Sality.AT virus, according to a Microsoft blog post. Regardless, the patch is out there and the bug is present in virtually all versions of Windows, if you’re a Windows user, we highly suggest you install it now.

Read

blog comments powered by Disqus