"An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
It is important to note that the vulnerability does not affect Windows 7 or Windows Server 2008 R2. However, it does affect Windows Vista, Windows Server 2003, and Windows XP.
In addition to the common sense advice to enable a firewall, get software updates (including third-party software) and install antivirus software, Microsoft has created a Fix it solution as a workaround option for some scenarios. To enable the solution until a security update is released, download and run Microsoft Fix it 50590. After a security update is released, merely reverse the process by downloading and running Microsoft Fix it 50593.
Enable: Microsoft Fix it 50590
Disable: Microsoft Fix it 50593
- Microsoft Fix it: Vulnerability in Graphics Rendering Engine could allow remote code execution
- Microsoft Security Advisory (2490606)
- CVE Reference: CVE-2010-3970
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Advisory, Vulnerabilities, Information, Windows XP, How To,