While this patch might stop some existing attacks, it’s not really a fix. First off, the type of people who might install a third party Windows patch are probably the exact same people who would be cautious about clicking on an LNK file embedded in a ZIP file. Second, even if this patch somehow became widespread, attackers would just shift their attacks into the 260 character limit. Sure, it would now be visible in the properties, people aren’t looking at the properties of LNK files.

The problem is this “vulnerability” is essentially “as designed”. LNK files exist to allow both pointers to other files and a quick way to run complex commands. It’s like calling powershell.exe a vulnerability, because it can be used to get up to all sorts of malicious stuff. Both are powerful tools on Windows, but those tools can be abused.