Microsoft released an emergency patch for a “critical” crack in Windows operating system software that could let hackers take control of computers over the Internet.
“The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed,” the US technology giant said in a security bulletin ranked ‘Critical.’
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.”
Computer users commonly use short-cuts in the form of on-screen icons they can click to instantly awaken favored applications.
The Windows flaw lets hackers booby-trap such icons with malicious software that could let them control machines from afar.
Microsoft routinely releases software patches the second Tuesday of each month but resorts to making patches available “out of band” when it deems situations dangerous.
“Several families of malware have been attempting to attack this vulnerability,” Microsoft Trustworthy Computing response manager Christopher Budd wrote in a blog post.
“We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.”
Some attacks have reportedly been directed at power plants and other vital infrastructure. People using computers running on any version of Windows software were urged to apply the update immediately.