Microsoft as expected has just released an out of band security update for the Windows operating system that fixes a critical security vulnerable.
The vulnerability affects all Microsoft operating systems that have been released in past years, including Windows XP, Windows Vista, Windows 7, and the Windows Server product line.
The severity of the issue and the fact that the security vulnerability was already exploited actively made the out of band release a necessity.
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The patch is available via Windows Update, or via Microsoft Download. Windows users are encouraged to download and install the patch as soon as possible to protect their operating system from attacks exploiting the issue.
The Microsoft Security Bulletin MS10-046 provides information about the patch. Its title is "Vulnerability in Windows Shell could allow remote code execution".
The list of affected operating systems includes all supported Windows client and server operating systems.
Additional information about the issue, deployment of the patch and vulnerability information are available at the Microsoft Security Bulletin.
Most Windows users will get the patch through Windows Update, the operating system's updating functionality which is set to automatic by default for security patches.
Update: Microsoft revised the Bulletin on August 24, 2010 to announce a change in detection and notes that this did not change the updated files in any way.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.