Nasty bug in Windows LNK files, could be bad for you

A bug in the way that Windows handles shortcuts, which has existed for well over ten years, was recently exploited. The exploit carries the usual scary-sounding ‘may result in your PC being taken over’ warning. I am not making light of this either, but that warning is pretty universal, I think.

Anyway, the exploit is so devious that all one needs to do is just SEE an evil link to be in danger. In fact, once you can SEE it, you probably are at risk. Microsoft has acknowledged the problem and has, in fact, issued both instructions for a temporary workaround and a ‘one-click fix’ for the problem. The workaround involves a registry change that TURNS OFF THE DISPLAY OF THE ICONS, resulting in the generic white paper icon and leaving you to guess what each shortcut means.

This is a really nasty bug and Microsoft (WHO SHOULD HAVE FOUND AND FIXED THIS ALREADY) is expected to release a more palatable and permanent fix in the next set of bug fixes and security plugs, expected the second Tuesday of August.

I have to wonder how this problem has been allowed to exist for TEN YEARS or more. I suspect it goes back further than Windows 2000, probably back to Windows 95. Really, Microsoft? I’m pretty light on placing blame on them; usually exploits are in little-known corners of Windows and easier to miss. Unfortunately, this is not one of them. In all of the so-called code reviews that they did as a result of the security push they, supposedly, initiated with XP, how did they miss this?

You can go here to read the advisory from Microsoft. PLEASE NOTE: using the ‘Fix it for me’ button will result in all of your icons being replaced. I’m not really sure what’s worse, the exploit or the cure.

Follow geogray on Twitter
