Panda Security CIO calls latest Windows zero-day flaw 'scary' – suggests Microsoft workaround is essential

Writing in his security blog, Corrons says this effectively translates to mean "any folder you open with a .lnk file (you know, those nice shortcuts we all have in our desktop) can execute a file without asking for permission".

"Yes, scary, I know", he said.

The main problem, says Corrons, is that this is not a vulnerability per se, but a feature.

"And it is included in all Windows versions, even those that are not supported anymore. And as it has to be fixed in each and every version of Windows, it will take more time to develop and test the patch", he explained.

According to the Panda Security CIO, Microsoft already had a workaround, and now has published a user-friendly version of the solution.

One of the side effects when applying the patch, he says, is that you will 'lose' the image of some of your icons.

"Well, this doesn't look nice but it is better than being infected. And, at least, you can see what it is when you put the mouse pointer over it", he said.

"So now, please, everybody using Windows has to apply the workaround, it is mandatory, as it is a matter of time to start seeing new malware using this technique to spread infections worldwide", he added.

 

What’s hot on Infosecurity Magazine?