Microsoft has issued an out-of-band patch today to address rising attacks against a critical Windows vulnerability discovered last month. The flaw in question involves the code that processes shortcut files ending in ".lnk" and allows malicious users to embed commands in shortcuts that are executed when the file is run. Making matters worse, every version of Windows is vulnerable and being used to spread a particularly nasty virus dubbed Sality.
According to a notice on the Microsoft Malware Protection Center
, "Sality is a highly virulent strain […] known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. It is also a very large family -- one of the most prevalent families this year." The fact that autorun can be used to start an attack process has helped this virus spread very fast.
The ~7MB patch just went live a few moments ago so it would be wise to check Windows Update to stay on the safe side. The update comes just over a week ahead of the regularly scheduled Patch Tuesday for the month of August.