Microsoft rushes out patch for critical shortcut flaw


Microsoft has issued an out-of-band patch today to address rising attacks against a critical Windows vulnerability discovered last month. The flaw in question involves the code that processes shortcut files ending in ".lnk" and allows malicious users to embed commands in shortcuts that are executed when the file is run. Making matters worse, every version of Windows is vulnerable and being used to spread a particularly nasty virus dubbed Sality.

According to a notice on the Microsoft Malware Protection Center, "Sality is a highly virulent strain […] known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. It is also a very large family -- one of the most prevalent families this year." The fact that autorun can be used to start an attack process has helped this virus spread very fast.

The ~7MB patch just went live a few moments ago so it would be wise to check Windows Update to stay on the safe side. The update comes just over a week ahead of the regularly scheduled Patch Tuesday for the month of August.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.