Microsoft to patch Windows shortcut vulnerability
An emergency Windows software update will close a loophole in Microsoft’s operating system that makes it easy for hackers to take control of a computer using shortcuts
By Claudine Beaumont, Technology Editor
Published: 9:57AM BST 02 Aug 2010
Microsoft is releasing an out-of-band patch to guard against a vulnerability in the way it handles shortcuts, which could allow hackers to take remote control of a computer
Microsoft has confirmed that it will release an emergency, “out of band” patch to close a loophole that made it easy for hackers and cyber criminals to gain remote access to PCs.
The software update will patch a vulnerability in the way Windows XP, Windows Vista and Windows 7 handle shortcuts, also known as. lnk files. Microsoft said it had seen a significant “increase in attempts” by hackers over the last few days to take advantage of the loophole, which enables them to take control of a computer by tricking users in to clicking on infected shortcut links.
“We’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability,” said Christopher Budd, a senior security response manager at Microsoft. “We firmly believe that releasing the update out-of-band is the best thing to do to help protect our customers.”
Microsoft is expected to release the patch later today, and Windows users are advised to run a system update to install the patch and ensure their computer is protected against the vulnerability. Microsoft first warned Windows users about the vulnerability on July 16.
Security experts have advised Windows users to employ a “workaround solution” to tide them over until the patch has released. Microsoft released details of the temporary fix on its website, which showed users how to prevent. lnk folder icons from being displayed on their computer desktop.
