@hdmoore first hinted at the widespread bug in a message on Twitter. “The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,” he tweeted, then linked to an advisory published by Acros, a Slovenian security firm.
HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit confirmed that the flaw “applies to a wide range of Windows applications,” and added that he stumbled across it while researching the Windows shortcut vulnerability, a critical bug that Microsoft acknowledged in July and patched on Aug. 2 using one of its rare “out of band” emergency updates.
More details :- http://www.computerworld.com/s/article/9180901/Update_40_Windows_apps_contain_critical_bug_says_researcher
