Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.
Microsoft is currently working to develop a security update for Windows to address this vulnerability.
The articles below describe samples of a nasty rootkit-type infection that exploits an as-yet-unpatched vulnerability in Windows Shell (basically ALL versions of Windows!)...
This exploit uses "drive-by" propagation techniques, is immune to User Account Control, and does NOT depend on any user actions for initiation.
Although not yet in the wild, it is only a matter of time before this becomes a problem for us!
Links to full articles:
Microsoft Security Advisory 2286198: