Microsoft released Security Bulletin MS10-046 out-of-band to address a vulnerability in Windows. The security update is identified as critical and addresses a vulnerability in the handling of shortcuts. The vulnerability affects all currently supported versions of Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.A restart is required to complete the installation of the update.
Notes:
- If you installed the work around provided by Microsoft Fix 50486, you can undo the changes made by the Fix it solution by using Microsoft Fix it 50487 available in Microsoft KB 2286198.
- If you deployed the work-around via Group Policy, as illustrated by Microsoft MVP, Alan Burchill in How to workaround KB2286198 Shortcut Icon security issues with Group Policy, after installing the update, you will want to reverse the changes.
- It may be necessary to check with other vendors who released a work-around if you have issues after the update.
From the Bulletin:
MS10-04 -- Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)References:
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- MSRC Blog: MS10-046 Released Out-of-Band Today
- TechNet: Microsoft Security Bulletin Summary for August 2010
- Microsoft Security Bulletin MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment