What is the CVE-2017-8464 vulnerability and how does it work?

CVE-2017-8464 is a remote code execution vulnerability in Windows caused by improper handling of LNK (shortcut) files. When a user connects a USB drive, accesses a network share, or opens a directory containing a malicious .lnk file, the vulnerability can be triggered without any further user action, allowing an attacker to take control of the system. This principle is similar to the Stuxnet attack, and detailed testing is covered in the Exploitation Testing of Windows Lnk Remote Code Execution Vulnerability (CVE-2017-8464) article.