Last week, Microsoft announced a potentially serious vulnerability in all versions of Windows. The bug hasn’t been patched, but the company has offered a temporary solution.
The vulnerability allows hackers to run malware via a corrupted shortcut (.lnk or .pif) file. Because of the way Windows parses shortcut icons, users can inadvertently run the malicious code just by opening the folder containing the shortcut.
A patch is planned, but no timeframe has been announced. In the meantime, Microsoft posted a “Fix It” tool on its support site that automatically disables the display of Windows shortcut icons.
The company’s security advisory also contains instructions for making the same change by editing the registry.
This fix has a pretty significant impact on usability as it turns the usual icons for applications into generic white boxes.
Another workaround recommended by Microsoft: blocking the download of .pif and .lnk files at the network perimeter.