Microsoft has reported the first critical 'zero-day' vulnerability in the Windows 7 Service Pack 1.
The company advised developers testing the SP to update their systems before the vulnerability can be exploited.
In an advisory, the company explained: “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut.”
The company also said that the vulnerability can be exploited using a removable device such as a USB stick.
The vulnerability affects both 32-bit and 64-bit versions of Windows 7, as well as Windows XP Service Pack 3 and Windows Vista Service Pack 1 and 2.
Microsoft said that the critical zero-day vulnerability also affected all supported versions of Windows client or servers.
Microsoft has confirmed that it is working on developing a permanent patch for the zero-day vulnerability.
No comments:
Post a Comment