Monday, August 02, 2010

Critical Out-of-Band Update Released for MS10-046

Microsoft released Security Bulletin MS10-046 out-of-band to address a vulnerability in Windows. The security update is identified as critical and addresses a vulnerability in the handling of shortcuts. The vulnerability affects all currently supported versions of Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

A restart is required to complete the installation of the update.


Notes
:
  1. If you installed the work around provided by Microsoft Fix 50486, you can undo the changes made by the Fix it solution by using Microsoft Fix it 50487 available in Microsoft KB 2286198.

  2. If you deployed the work-around via Group Policy, as illustrated by Microsoft MVP, Alan Burchill in How to workaround KB2286198 Shortcut Icon security issues with Group Policy, after installing the update, you will want to reverse the changes.

  3. It may be necessary to check with other vendors who released a work-around if you have issues after the update.
Please install this critical update as soon as possible.

From the Bulletin:

MS10-04 -- Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
References:

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: