Microsoft has released an out of batch security patch to prevent the shortcut exploit threat. Shortcuts in all windows versions are the link to execute various programs features and settings. It has been observed that Malware and virus coders exploiting the .LNK files (shortcut files) to access the control of the programs and settings. Windows shell loopholes in validating the specific parameters of shortcuts are pointed out as the main cause of this vulnerability.
Propagation of this threat is mainly through USB drives. Disabling the auto play facility will not be worked out to prevent this threat. You are opening the door for threat while accessing the infected machine using Windows explorer or similar utilities.
Microsoft says “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user”
The attacker can control an affected system remotely with the same right as of a local user. Means he can install programs, view, edit or delete data. If you are browsing the net as a less privileged user, then the impact of attack will be less.
This vulnerability is marked as “critical” and applicable for all Windows versions including the latest Windows 7. Turn on automatic updates and Windows will be updated automatically with this critical security patch. You can download the patch from Microsoft Update and Windows Update. This is also available for download at Microsoft Download Center.