Advertisement

Article

Microsoft rushes out shortcut vulnerability patch

Nick

Nick

  • Updated:

windowslogo.pngMicrosoft is expected to rush-out a security patch later today that addresses a security hole caused by shortcuts or .lnk files. The security threat means that cyber-criminals or hackers could use shortcuts on your desktop or elsewhere on your PC to take over your machine.

The patch will be issued via Windows Live Update automatically, or you can download it directly from the Microsoft website. The Telegraph reports that Microsoft claim there has been a surge in hackers trying to exploit the vulnerability since mid July when it was initially discovered:

“We’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability,” said Christopher Budd, a senior security response manager at Microsoft. “We firmly believe that releasing the update out-of-band is the best thing to do to help protect our customers.”

According the the BBC, the flaw allows hackers to embed malicious code into shortcuts which triggers the code when opened. Most worryingly, it seems hackers have been targeting power installation with it:

The first exploits of the flaw were seeded via infected USB drives and network connections. While exploitation of the flaw was limited initially, the tempo of attacks via the bug have escalated since it was discovered and publicised. Early attacks using the bug were aimed at the software control systems for critical infrastructure such as power stations.

Microsoft issued an alert about the problem on July 16 and have published a work around solution for those that want to take precautions before the patch is automatically applied.

Nick

Nick

Latest from Nick

Editorial Guidelines