Microsoft rushes out patch for critical shortcut flaw

By on
Microsoft has issued an out-of-band patch today to address rising attacks against a critical Windows vulnerability discovered last month. The flaw in question involves the code that processes shortcut files ending in ".lnk" and allows malicious users to embed commands in shortcuts that are executed when the file is run. Making matters worse, every version of Windows is vulnerable and being used to spread a particularly nasty virus dubbed Sality.

According to a notice on the Microsoft Malware Protection Center, "Sality is a highly virulent strain [] known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. It is also a very large family -- one of the most prevalent families this year." The fact that autorun can be used to start an attack process has helped this virus spread very fast.

The ~7MB patch just went live a few moments ago so it would be wise to check Windows Update to stay on the safe side. The update comes just over a week ahead of the regularly scheduled Patch Tuesday for the month of August.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.