To read this article in its entirety, please visit eWeek: Stuxnet Malware Still Exploiting Microsoft Windows Security Hole

Microsoft is arming Windows users with a new automated tool to help thwart exploits of a zero-day that has come under attack.

The bug, which lies in the Windows shell component of the operating system, exists because Windows parses shortcuts in a way that permits malicious code to be executed when the icon of a shortcut is displayed. In an update to an advisory first issued last week, the company added information about attack vectors, noting the bug can be exploited locally through an infected USB drive or remotely via network shares and WebDAV.

To help block attacks, the company has released a “Fix it” tool to prevent shortcut icons from being displayed.

“This workaround will disable some icons from being displayed so we recommend administrators test this before deploying it wide,” blogged Christopher Budd, security response communications lead at Microsoft.

The company has also added information about a new workaround to the advisory on the issue, Budd noted. As an alternative fix, users can also block .LNK and .PIF files from downloading from the Internet, he wrote.