Microsoft issues emergency patch for Windows shortcut bug

Microsoft (NASDAQ: MSFT) has issued an emergency patch this week for a critical Windows bug that first came to light a few weeks ago. The out-of-band security update addresses the .LNK vulnerability in the Windows Shell, which we reported on previously. The problem affects all versions of Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2, and was serious enough that Microsoft issued a temporary workaround--though that proved somewhat unsatisfactory.

The flaw is particularly harmful in that merely inserting an infected USB drive causes the Windows subsystem to parse the shortcut files on it, triggering the vulnerability and launching a malicious executable without further action from a user or administrator. The same attack could also be triggered should users browse to an affected network share.

Christopher Budd, a senior security response communications manager at Microsoft, wrote about the emergency patch, noting that: "We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers." Budd admitted that there had been an increase in attempts to exploit this vulnerability.

As expected, Microsoft did not offer a patch for customers using Windows XP SP2, who are well advised to install Windows XP SP3, or migrate to a newer version of Windows. However, the fact is that many companies are still running on Windows XP SP2 or earlier versions of Windows. It remains to be seen whether the bulk of such systems will remain unaffected, or end up as unwilling participants in a new wave of botnets.

The patch should come in via Windows Update for most users.
