What is all this talk about Windows shortcut bug ? The Links are vulnerable in the Windows shell. An Emergency patch has been issued this week to address this bug. It is indeed a critical bug.
This bug affects various versions of Windows like Windows XP, Windows server 2008 R2, Windows server 2008, Windows Vista and Windows 7. Microsoft had issued a temporary solution to the problem but this was unsatisfactory. This bug was dangerous since even the insertion of a USB drive will cause Windows to parse shortcut files, launching a harmful executable file without any further action from general user or administrator. If the users browse an infected network drive the same problem occurs. Christopher Budd, a communications manager admitted that attempts to exploit this bug had been on the increase. As expected Microsoft did not give this patch to Windows XP and other earlier versions of Windows as Microsoft was trying to sell the upgrade to these customers. This patch usually comes with Windows update. A security researcher said that Microsoft may have a difficult time removing this Windows shortcut bug. Customers have mixed opinions about the competency of Microsoft in fixing this bug. It is surprising that a vulnerability expert begged to differ saying Microsoft can release the patch in two weeks. An antivirus researcher said that the patch may be elusive as Microsoft had never faced a security related problem for shortcuts. Though Microsoft considers this bug a serious vulnerability no timeline has been set for fixing this bug. Microsoft admits that attackers and hackers are capable of using a malicious shortcut file. The situation can be more dangerous if hackers decide to use their USB pen drives to spread the attacker’s code. The truth is that all versions of Windows are equally vulnerable to attack including the just-released beta version of Windows 7 service pack 1. Attackers have exploited this bug to attain control of important computers at a customer of Siemens. Also Microsoft is running short of time and patch if and when ready will be widely used. This shortcut bug had widespread ramifications as customers feared that internet could also be affected. Some people compared this patch to the two patches issued earlier.
People are surprised how this bug had not surfaced earlier and how Microsoft had not detected during testing prior to release of the versions of Windows. This shortcut bug has been exploited well by hackers and attackers. Customers also feel that Microsoft may come up with a clever idea for the patch. All this only proves that even from a big company like Microsoft despite all the testing done prior to the release some bugs go unnoticed. Microsoft may as well come up with the patch soon but it should be ensured that future releases and versions should be properly tested for all types of conditions and circumstances before delivering it to the client. Since nowadays even people without much knowledge about computers are using them it will be all the more difficult to work on their Windows personal computer.