Microsoft issues 'critical' patch for shortcut bug

Power station, PA The first attacks via the flaw were aimed at power station control systems

Related Stories

Microsoft has issued a "critical" security update to fix a flaw in the way Windows handles shortcuts.

The bug allowed attackers to craft booby-trapped shortcuts that allow them to take over a target computer.

Many users set up shortcuts to get to programs and places in Windows that they use regularly.

Microsoft said it released the patch because it had seen an increase in the number of attacks on the vulnerability.

The fix will be sent out to those that automatically update their machines. It will also be available via the Windows Update site.

The flaw was found in mid-July and allows malicious hackers to embed commands in shortcuts that are executed when that quick link is used or viewed. Every version of Windows is vulnerable to the flaw.

The first exploits of the flaw were seeded via infected USB drives and network connections. While exploitation of the flaw was limited initially, the tempo of attacks via the bug has escalated since it was discovered and publicised.

Early attacks using the bug were aimed at the software control systems for critical infrastructure such as power stations.

Microsoft signalled the severity of the problem by releasing an update outside its usual patch cycle. Security fixes are usually issued on the second Tuesday of every month.

Christopher Budd, senior security response manager at Microsoft, wrote on the company's security blog: "We're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability".

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.