Microsoft Out Of Band Security Update Released
Microsoft as expected has just released an out of band security update for the Windows operating system that fixes a critical security vulnerable.
The vulnerability affects all Microsoft operating systems that have been released in past years, including Windows XP, Windows Vista, Windows 7, and the Windows Server product line.
The severity of the issue and the fact that the security vulnerability was already exploited actively made the out of band release a necessity.
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The patch is available via Windows Update, or via Microsoft Download. Windows users are encouraged to download and install the patch as soon as possible to protect their operating system from attacks exploiting the issue.
The Microsoft Security Bulletin MS10-046 provides information about the patch. Its title is "Vulnerability in Windows Shell could allow remote code execution".
The list of affected operating systems includes all supported Windows client and server operating systems.
Additional information about the issue, deployment of the patch and vulnerability information are available at the Microsoft Security Bulletin.
Most Windows users will get the patch through Windows Update, the operating system's updating functionality which is set to automatic by default for security patches.
Update: Microsoft revised the Bulletin on August 24, 2010 to announce a change in detection and notes that this did not change the updated files in any way.
Advertisement
They should have done many things like fixing it back in Win95 , stop copy & paste of 20 years code from one version of Windows to other versions, or, if you need to copy & paste code every 3-4 years, at least check each line for security holes :-)
@Martin. Although i managed to eventually work out the process myself, i will say thank you as i’m sure i’m not the only one who will have this problem.
It would have been nice if Microsoft patch had detected if the previous Fixit option had been installed and uninstalled it as a result. But oh well, i guess that would make too much sense.
Jashar I totally agree with you, they should have done that.
For me, since i applied their interim Fixit patch a couple of weeks ago (which turns all your shortcuts white) this new patch, while it may be effective, has not changed my icons back, they’re all still white!
Jashar, try the Fix-It to disable the workaround, you find it here http://support.microsoft.com/kb/2286198
Jashar, that’s strange. Microsoft did not mention that users who have applied the Fix-IT solution, or applied the patch manually, had to change something in addition to installing the new patch.