Barney's Blog

Blog archive

Microsoft Issues Zero-Day Warning, Fix-It Tool for 'Shortcut' Flaw

On Friday, Microsoft issued a zero-day (a.k.a. "It's here!") warning about a security flaw that can allow malicious code to get through to Windows desktops and servers (including Windows 7 and Windows Server 2008 R2) via "specially crafted" shortcut icons on attached devices such as USB drives.

Although an official patch has yet to arrive, Redmond yesterday released a so-called "Fix-it" tool that can implement the recommended workaround (disabling shortcut files) for you; the support page (KB338619) also offers instructions for doing the steps manually.

A complete list of the affected software is available on the security advisory here.

The flaw is associated with the spread of the "Stuxnet worm." More information on the underlying Stuxnet malware is available here.
-- By Becky Nagel

Posted by Becky Nagel on July 21, 2010


Featured

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Close Up Dollar Bill Graphic

    Price Increases Coming to Power BI, Microsoft Teams Phone

    Microsoft is preparing to implement the first price increases for two standalone products: Power BI and Microsoft Teams Phone.

  • Dynamics 365 Getting Data Security Boost from Druva

    Druva is working to extend its SaaS-based data security platform to support Microsoft's Dynamics 365 Sales and Dynamics 365 Customer Service products.

  • Microsoft Offers Monthly Billing for Annual Cloud Subscriptions

    Microsoft described a new monthly billing option for customers that have signed annual contracts for services like Microsoft 365, Windows 365, Power Platform and others.