"Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected. However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector."
The reported attacks are limited, however, the normal warning applies regarding the not opening unsolicited attachments in emails, regardless of the sender. The additional caution of not visiting untrusted websites applies equally.
MSRC Blog Post: October 25th Update To Security Advisory 943521
Original SG post: Microsoft Security Advisory 943521 Released
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.