Microsoft Out Of Band Security Update Released
Microsoft as expected has just released an out of band security update for the Windows operating system that fixes a critical security vulnerable.
The vulnerability affects all Microsoft operating systems that have been released in past years, including Windows XP, Windows Vista, Windows 7, and the Windows Server product line.
The severity of the issue and the fact that the security vulnerability was already exploited actively made the out of band release a necessity.
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The patch is available via Windows Update, or via Microsoft Download. Windows users are encouraged to download and install the patch as soon as possible to protect their operating system from attacks exploiting the issue.
The Microsoft Security Bulletin MS10-046 provides information about the patch. Its title is "Vulnerability in Windows Shell could allow remote code execution".
The list of affected operating systems includes all supported Windows client and server operating systems.
Additional information about the issue, deployment of the patch and vulnerability information are available at the Microsoft Security Bulletin.
Most Windows users will get the patch through Windows Update, the operating system's updating functionality which is set to automatic by default for security patches.
Update: Microsoft revised the Bulletin on August 24, 2010 to announce a change in detection and notes that this did not change the updated files in any way.Advertisement