Microsoft to Patch Critical Shortcut Flaw Today

Dennis Faas's picture

Microsoft's Windows Shortcut Flaw has certainly grabbed headlines these past few weeks. Fortunately, the company looks ready to move beyond the sensational headlines with a new, permanent fix due out later today.

A flaw associated with .LNK (shortcut) files in Windows 2000 through Windows 7 was first discovered about two weeks ago by security researchers. At first, the issue involved industrial firm Siemens and could only be transmitted through an infected USB key, but variants of the bug have since spread to common Windows users.

Worse yet, researchers found that merely plugging a compromised USB stick into a PC could cause infection without opening any files and without having Autoplay turned on.

Workarounds Not Popular

Recent attempts to fix the issue with workarounds have ranged in convenience, with Microsoft's own option being the least popular.

That is ready to change now that Microsoft has announced it will release a permanent fix for the shortcut exploit today. The company posted on its Malware Protection Center Threat Research & Response blog that it would issue the fix outside of its monthly Patch Tuesday schedule.

A Highly Virulent Strain

The threat, which operates under the family name Sality, is considered very serious by Microsoft and third-party security experts alike. "Sality is a highly virulent strain," said Microsoft's Holly Stewart.

"It is known to infect other files, copy itself to removable media, disable security, and then download other malware. It is also a very large family -- one of the most prevalent [virus] families this year."

The number of systems infected by Sality actually remains quite low, but the strain has shown incredible growth in recent days. Prior to July 23, only a few systems were reporting infection -- but by the end of the month about 8,000 computers had reported issues related to Sality. PCs in Brazil are currently the most targeted, with those in the U.S. a close second.

Microsoft is expected to issue the patch for all versions of Windows around 1:00 p.m. Eastern Standard Time (EST).
