Microsoft released patch for Windows shortcut bug

Posted by

Microsoft released an out-of-band security update  that addresses a  critical Windows shortcut vulnerability which affected all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

The vulnerability was first reported by Brian Krebs which was discovered by VirusBlokAda, a  security firm based in Belarus.According to Microsoft Security Advisory this vulnerability could allow hackers to exploit the way Windows parses shortcut files, allowing malicious code to be executed when the icon of a specially crafted shortcut is displayed.


The security update protects against attempts to exploit this issue, if you are using using automatic updates, this update will be automatically  applied or you can download the update den pending upon your OS over here. But the patch is not available for Windows XP Service Pack 2 (32 bit version), for which Microsoft ended support on July 14, 201o.

  1. Yes, it was obvious that Microsoft will not release updates for windows XP as it is not supported 14, July 2010.

  2. Though this update is not available for windows XP sp2, sp2 users can avoid this vulnerability by installing Sophos Windows Shortcut Exploit Protection Tool. This software was released by Sophos just a week ago for same purpose.

  3. Sophos Windows Shortcut Exploit Protection Tool, it’s work??? or not? I want to know exactly.