Microsoft says that it will fix a widely-reported zero-day vulnerability in the way all modern Windows versions handle shortcut (*.lnk) files. The company had previously announced details about the vulnerability and released a pretty undesirable workaround that erases shortcut icons and replaces them with blank white icons. The out-of-band fix will be released Monday, over a week before the software giant's regularly-scheduled monthly security update release.
"Microsoft plans to release an out-of-band update to address \\[the shortcut vulnerability\\]," a posting to the Microsoft Malware Protection Center. The posting also describes how copycat attackers are predictably copying successful exploits, increasing the number of real-world attacks. Thus, Microsoft felt it couldn't wait on the fix.
According to the software giant, the fix should hit Windows Update at about 10:00 am Pacific Time (1:00 pm Eastern) on Monday. Given the severity of the flaw, and its widespread effect across all supported Windows versions, I recommend that all Windows users immediately download and install this patch.