Emergency Update For Windows 7

A patch released today by Microsoft plugs a very nasty security hole. If you’re a Windows 7 user and you haven’t set up your updates for automatic install, you might want to check the lower right hand side of your screen right now for the patch. The release is in a response to a new wave of malware designed to specifically target .LNK files, aka your desktop shortcuts.

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported editions of Microsoft Windows.

Interestingly enough, the gaping hole has been known to exist in Windows systems for some time, but only now has there been an increase in exploit attempts.

Microsoft Security Bulletin