Microsoft has reported the first critical 'zero-day' vulnerability in the Windows 7 Service Pack 1.
The company advised developers testing the SP to update their systems before the vulnerability can be exploited.
In an advisory, the company explained: “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut.”
The company also said that the vulnerability can be exploited using a removable device such as a USB stick.
The vulnerability affects both 32-bit and 64-bit versions of Windows 7, as well as Windows XP Service Pack 3 and Windows Vista Service Pack 1 and 2.
Microsoft said that the critical zero-day vulnerability also affected all supported versions of Windows client or servers.
Microsoft has confirmed that it is working on developing a permanent patch for the zero-day vulnerability.
Until the patch is released, Microsoft has advised users to disable the ability to display icons for shortcuts and the the WebClient service, to prevent the flaw being exploited.