Microsoft announced in the Tuesdays bulletin that crooks have been exploiting a vulnerability that allows to execute malicious code using booby-trapped USB devices. The vulnerability affects all supported versions of Windows OS as confirmed by Microsoft. To exploit the vulnerability, an attacker would have insert a malicious USB device into a target system. Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers. It affects functions that process so-called.LNK files Windows uses to display icons when a USB stick is plugged in.”]
Source: http://securityaffairs.co/wordpress/39301/cyber-crime/microsoft-fixes-usb-exploit.html