suraj.sun (1348507) writes "Microsoft has issued an "out of band" update to all versions of Windows to fix a critical vulnerability that has been exploited in the wild for over 2 weeks.
MS 10:046: Vulnerability in Windows Shell Could Allow Remote Code Execution-- addresses the vulnerability exploited by Stuxnet and other families of malware, described first by Belorussian security firm VirusBlokAda.
For most users, the update will be automatic via Windows Update, according to Microsoft.
The vulnerability is in the Windows Shell. It can allow remote code execution if the icon of a specially crafted shortcut is displayed.
PC Magazine: http://www.pcmag.com/article2/0,2817,2367282,00.asp
Link to Original Source