Attacks targeting the way Windows processes shortcuts to local files are already in the wild as Microsoft rushes out an unscheduled patch.
Microsoft gave advance notice Friday that it plans to release an out-of-cycle security patch on Monday aimed at fixing a critical zero-day hole in all supported versions of Windows that is already being exploited.
The exploit takes advantage of a hole in the way a component called the Windows Shell processes some shortcut files. The bug first surfaced in the wild in mid-July, according to a Security Advisory issued by Microsoft on July 16.
At that time, the attacks were “limited” and “targeted,” Microsoft said in the advisory.
Now the company is nearly ready to release the patch just as attacks are escalating.