In a recent blog post, Dave Forstrom of the Microsoft Security Response Center (MSRC) announced plans to release a security update later today to plug a security hole discovered two weeks ago.
"We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers," Forstrom wrote. "Additionally, we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."
The security hole, which Microsoft outlined in a recent advisory, involves Windows' mishandling of shortcuts in such a way that an attacker could gain access to a person's system when the user clicks a specially crafted shortcut. Security firm Sophos described the vulnerability as a "nasty" rootkit because of the way "it bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run."