Zero-day vulnerability in Microsoft Windows systems

Microsoft has confirmed the presence of zero-day vulnerability in all current versions of Windows. 

Vulnerability is caused by improper handling of shortcut (.LNK) files executed through the shell (typically Windows Explorer) and can be exploitedwhen the user launches such a shortcut through the associated icon. Then, operation system fails to properly validate the parameters, and malicious code in the .LNK file may be executed. Malware called Stuxnet, which executes automatically if user use an infected USB stick, has already been developed.The digital certificate, assigned to legitimate company Realtek Semiconductor, used to sign the malware components was revoked last week. Sophos organization has published a videoillustrating the attack in action against a fully patched Win 7 system. Microsoft lists two possible workarounds: disabling the display of icons for shortcuts or turning off WebClient service. Also, they begun investigation process and patch development. More information could be read at The Registerweb site.