• According to Luis Corrons, Technical Director of PandaLabs, “There is no doubt this will shortly be exploited by hackers. To avoid massive-scale infections, we advise users to patch this vulnerability as soon as possible”

PandaLabs, Panda Security’s anti-malware laboratory, is warning of the danger of a recently discovered Microsoft 0-day vulnerability, allowing unauthorized execution of a file through desktop shortcut icons. “This is not strictly speaking a vulnerability” –explains Luis Corrons, Technical Director of PandaLabs– “rather an old function for which security wasn’t fully considered during development. This affects all versions of Windows, even those for which maintenance has been discontinued by Microsoft.”

As it is impossible to develop patches for all operating systems, given the amount of work this would involve, and as exploits are now in circulation, Microsoft has released a small application as a workaround, until the definitive patch is developed. By applying it however, some shortcut icons may be lost.

Quick Launch bar after applying the patch

Until now, there have been some proof-of-concepts that used this function. “We have even seen it used to access critical infrastructure systems (SCADA), and it’s just a question of time until hackers exploit it. And when this happens, we could witness an old-style epidemic, with millions of users infected”, says Corrons.

As such we advise all Windows users to download and install the application, to ensure they are properly protected. We would also urge users to bear in mind the usual security advice that we offer, such as having a good antivirus installed and up-to-date (preferably with a cloud connection, to ensure a fast response to new malware), and updating and patching other software on the computer, etc”.

More information at PandaLabs Blog.