To the sufferer, the .lnk file seemed prefer it opened a folder or launched a trusted software, however in actuality, it may execute an arbitrary script, a dropper, or living-off-the land command.
0patch researchers affirm the problem to have been considerably resolved after Microsoft quietly” bundled a repair into its November Home windows Updates. “There was no point out of something remotely akin to this problem amongst its 63 patched vulnerabilities,” the researchers mentioned, including the repair was possible utilized beneath the guise of a practical bug quite than a security vulnerability.
“Now, the ‘Properties’ dialog of a .lnk file reveals all the Goal command with arguments, irrespective of how lengthy it’s,” the researchers added. Microsoft didn’t instantly reply to CSO’s request for feedback.
