Security researchers at VirusBlokAda identified an exploit in multiple versions of the Windows operating system that allow a compromised USB key to use Windows shortcuts to deploy malware on a user's PC. The only thing a user has to do to infect one's PC is to look at the contents of the USB key via Window Explorer.
Microsoft is now planning to release a patch Monday to address the shortcut exploit. According to the Microsoft Malware Protection Center's Threat Research & Response Blog, a rise in exploits under the family name Sality have picked up Microsoft's attention—so much so, that Microsoft's releasing this fix "out-of-band," or outside of the typical Windows monthly update schedule.
"Sality is a highly virulent strain. It is known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware.
Users can expect to see the aforementioned patch hit their systems around one p.m. Eastern Time on Monday. As mentioned, it will go live for all versions of Windows, as all are equally affected by the shortcut exploit.