Windows Shortcut Zero-Day Gets Patch

Windows LNK vulnerability


Microsoft today is taking steps to lock down a nasty vulnerability that reared its head only last month and is already ballooning into a widespread threat.


In part, the danger stems from the pure simplicity and ubiquity of what’s vulnerable: .LNK shortcut files, found in all currently supported versions of Windows. As it turns out, the shortcut files are vulnerable due to a basic flaw in the way the Windows Shell handles them. Raising the risk factor even further is the fact that a number of malware families have been incorporating the vulnerability into their own attack vectors, according to security experts.


Now Microsoft is fighting back, issuing an out-of-band patch to close the security hole. eSecurity Planet has the story.


As expected, Microsoft on Monday delivered a patch for a critical zero-day vulnerability discovered last month in all supported versions of Windows, from XP through Windows 7.

Microsoft’s (NASDAQ: MSFT) so-called “out-of-band” patch addresses a two-week-old security hole in the way that a component called the Windows Shell processes shortcut .LNK files. The files represent links to applications and are displayed as icons on a user’s Windows desktop.



Read the full story at eSecurity Planet:


Microsoft Patches Zero-Day Security Hole in Windows Shortcuts

News Around the Web