Windows Shortcut Zero-Day Gets Patch
Page 1 of 1
In part, the danger stems from the pure simplicity and ubiquity of what's vulnerable: .LNK shortcut files, found in all currently supported versions of Windows. As it turns out, the shortcut files are vulnerable due to a basic flaw in the way the Windows Shell handles them. Raising the risk factor even further is the fact that a number of malware families have been incorporating the vulnerability into their own attack vectors, according to security experts.
Now Microsoft is fighting back, issuing an out-of-band patch to close the security hole. eSecurity Planet has the story.
As expected, Microsoft on Monday delivered a patch for a critical zero-day vulnerability discovered last month in all supported versions of Windows, from XP through Windows 7.
Microsoft's (NASDAQ: MSFT) so-called "out-of-band" patch addresses a two-week-old security hole in the way that a component called the Windows Shell processes shortcut .LNK files. The files represent links to applications and are displayed as icons on a user's Windows desktop.