Security professionals are expressing concern that Microsoft’s recent security advisory about a current Windows vulnerability is misleading. Researchers say users don’t need to click on malicious icons in order to trigger malware exploiting the flaw, which is already in the wild and has already been the subject of attacks.
All you need to do is open a device/network share/WebDav point that has a malicious shortcut, and the vulnerability is exploited! It will run whatever code you program it to run. It is really simple to exploit. Any criminal with basic skills can take advantage of this flaw. We have not seen much activity in the wild yet, but now that a proof of concept has been posted on the web it most likely will become a major issue in the near future.