Microsoft Out Of Band Security Update Released

Martin Brinkmann
Aug 2, 2010
Updated • Dec 12, 2014
Security
|
7

Microsoft as expected has just released an out of band security update for the Windows operating system that fixes a critical security vulnerable.

The vulnerability affects all Microsoft operating systems that have been released in past years, including Windows XP, Windows Vista, Windows 7, and the Windows Server product line.

The severity of the issue and the fact that the security vulnerability was already exploited actively made the out of band release a necessity.

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

windows security update
windows security update

The patch is available via Windows Update, or via Microsoft Download. Windows users are encouraged to download and install the patch as soon as possible to protect their operating system from attacks exploiting the issue.

The Microsoft Security Bulletin MS10-046 provides information about the patch. Its title is "Vulnerability in Windows Shell could allow remote code execution".

The list of affected operating systems includes all supported Windows client and server operating systems.

Additional information about the issue, deployment of the patch and vulnerability information are available at the Microsoft Security Bulletin.

Most Windows users will get the patch through Windows Update, the operating system's updating functionality which is set to automatic by default for security patches.

Update: Microsoft revised the Bulletin on August 24, 2010 to announce a change in detection and notes that this did not change the updated files in any way.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. ilev said on August 4, 2010 at 8:37 am
    Reply

    They should have done many things like fixing it back in Win95 , stop copy & paste of 20 years code from one version of Windows to other versions, or, if you need to copy & paste code every 3-4 years, at least check each line for security holes :-)

  2. Jashar said on August 3, 2010 at 11:31 am
    Reply

    @Martin. Although i managed to eventually work out the process myself, i will say thank you as i’m sure i’m not the only one who will have this problem.

    It would have been nice if Microsoft patch had detected if the previous Fixit option had been installed and uninstalled it as a result. But oh well, i guess that would make too much sense.

    1. Martin said on August 3, 2010 at 11:38 am
      Reply

      Jashar I totally agree with you, they should have done that.

  3. Jashar said on August 3, 2010 at 8:41 am
    Reply

    For me, since i applied their interim Fixit patch a couple of weeks ago (which turns all your shortcuts white) this new patch, while it may be effective, has not changed my icons back, they’re all still white!

    1. Martin said on August 3, 2010 at 10:10 am
      Reply

      Jashar, try the Fix-It to disable the workaround, you find it here http://support.microsoft.com/kb/2286198

    2. Martin said on August 3, 2010 at 10:08 am
      Reply

      Jashar, that’s strange. Microsoft did not mention that users who have applied the Fix-IT solution, or applied the patch manually, had to change something in addition to installing the new patch.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.