Skip navigation

Microsoft to Fix Shortcut Vulnerability Monday

Microsoft says that it will fix a widely-reported zero-day vulnerability in the way all modern Windows versions handle shortcut (*.lnk) files. The company had previously announced details about the vulnerability and released a pretty undesirable workaround that erases shortcut icons and replaces them with blank white icons. The out-of-band fix will be released Monday, over a week before the software giant's regularly-scheduled monthly security update release.

"Microsoft plans to release an out-of-band update to address \\[the shortcut vulnerability\\]," a posting to the Microsoft Malware Protection Center. The posting also describes how copycat attackers are predictably copying successful exploits, increasing the number of real-world attacks. Thus, Microsoft felt it couldn't wait on the fix.

According to the software giant, the fix should hit Windows Update at about 10:00 am Pacific Time (1:00 pm Eastern) on Monday. Given the severity of the flaw, and its widespread effect across all supported Windows versions, I recommend that all Windows users immediately download and install this patch.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish