Microsoft has released a security advisory addressing a vulnerability in the way Windows parses shortcuts. In Advisory 2286198, issued Friday and updated Monday, the software giant said "malicious code may be executed when a specially crafted shortcut is displayed," even without any user action to run the executable. The company said it is working on a security update.