Barney's Blog

Blog archive

Microsoft Issues Zero-Day Warning, Fix-It Tool for 'Shortcut' Flaw

On Friday, Microsoft issued a zero-day (a.k.a. "It's here!") warning about a security flaw that can allow malicious code to get through to Windows desktops and servers (including Windows 7 and Windows Server 2008 R2) via "specially crafted" shortcut icons on attached devices such as USB drives.

Although an official patch has yet to arrive, Redmond yesterday released a so-called "Fix-it" tool that can implement the recommended workaround (disabling shortcut files) for you; the support page (KB338619) also offers instructions for doing the steps manually.

A complete list of the affected software is available on the security advisory here.

The flaw is associated with the spread of the "Stuxnet worm." More information on the underlying Stuxnet malware is available here.
-- By Becky Nagel

Posted by Becky Nagel on July 21, 2010 at 11:53 AM


Featured

  • Everything Microsoft Announced at Its Surface Event

    Microsoft showed off its updated and expanded line of Surface devices this week, positioning the new Surface Laptop Studio as its flagship Windows 11 laptop.

  • M&A in Microsoft Channel: Progress Acquires Kemp

    Longtime Microsoft partner Progress Software is acquiring another Microsoft partner in Kemp Technologies.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Microsoft Says System Center 2022 Will Arrive Early Next Year

    Microsoft is planning to release its new System Center product in the first quarter of 2022, with a private preview arriving within months.