A serious flaw that affects all versions of Microsoft Windows, from Windows 2000 through Windows 7 has been discovered, publicized, and already exploited by hackers. The exploit is especially dangerous because all the user has to do is open a folder containing an infected file with a .LNK extension. The exploit then runs automatically.

Malware already exists that exploits this flaw. At present this malware is programmed to seek out industrial control systems, infrastructure, SCADA systems, and so forth, but versions that spread widely are sure to come soon.

Centers that monitor the health of the Internet are raising the threat level from green to yellow.

The danger remains until Microsoft issues a fix. An additional big problem is that there are still many systems out there running Windows 2000 and Windows XP SP2 and Microsoft no longer issues patches for those operating systems.

http://www.guardian.co.uk/technology/2010/jul/22/microsoft-windows-flaw