In recent months, researchers outlined vulnerabilities in Firefox and Internet Explorer that could allow an attacker to execute malicious code and compromise a target system. Later on, researchers discovered similar problems with other applications, including Adobe Reader and Outlook Express, suggesting that the problem wasn't with a single application, but rather with the way that Windows handles messages between a web browser and other applications.
Microsoft now agrees with that assessment and will issue an update to a Windows function known as ShellExecute so that it sanitizes the links it is processing. Microsoft gave no expected release date for the update, however. As always, users are advised not follow un-trusted links or browse un-trusted websites.