A couple of weeks ago, I posted a note about a newly reported Windows vulnerability, related to Windows “shortcut” files, which have a .LNK extension. (The vulnerability is documented in Microsoft Security Advisory 2286198.) A few days later, there were reports of an exploit being published, and apparently some well-known malware sources have begun to include exploits for this flaw in their offerings.
Microsoft has now announced, in a TechNet blog post, that it will release an out-of-schedule patch to fix this vulnerability on Monday, August 2, at around 10:00 AM PDT. According to the announcement, Microsoft has been seeing an increasing number of attacks directed against this vulnerability.
I will post another note when the fix is actually available, or if I get any more information.