What makes the bug so nasty is that it can be triggered simply by opening a specially crafted file containing a single-line command, which directs PCs to a path that trips up Windows. When it was discovered, it was confirmed that the mischievous line of code could be hidden in a variety of file types, including ZIP archives, batch files, and even Windows shortcuts.
The Windows shortcut route is especially worrisome—a user would not even need to manually click on the icon, and instead could have their drive corrupted just by opening a file directory containing the icon.
"We are aware of this issue and will provide an update in a future release," Microsoft said in a statement at the time. "The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers."
So technically, there is a fix available. Unfortunately, it is not broadly available, and we have no idea when it will be pushed out to the public. Best case scenario is that Microsoft includes it in next month's Patch Tuesday update, or even as a standalone release. However, it is also possible that this fix will be part of a future feature update for Windows 10, meaning the vulnerability could potentially stick around for several more weeks or even months.
