Microsoft Readies Emergency Patch For Windows Vulnerability
The fact that Microsoft is releasing the patch more than a week before the regularly scheduled “Patch Tuesday” on Aug. 10 is indicative of the seriousness of the flaw.
The patch corrects a flaw first highlighted in a Microsoft security advisory issued on July 16 and then updated July 20.
Microsoft said targeted attacks were exploiting a vulnerability in Windows Shell, a Windows component. The company said the vulnerability exists “because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.” Microsoft said the vulnerability could be exploited locally through a malicious USB drive or remotely through network shares and WebDAV.
Today’s bulletin said Microsoft has been watching the use of .LNK files that exploit the vulnerability, particularly a family of malware called Sality.AT.
Microsoft also said it was working with partners through its Microsoft Active Protections Program to provide their customers with assistance.