Posted by: Ken Harthun
Microsoft Windows, Patch management, Security, Vulnerabilities, Zero-day vulnerability
You probably heard all about Microsoft Security Bulletin MS10-046 – Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198). Microsoft actually issued a FixIt workaround last week; but, as many people found out, it wrecked the icons on their desktop causing them to display as white squares with no graphics.
On Monday, Microsoft issued a rare out-of-cycle patch to permanently fix the vulnerability. However, applying the patch does not disable the workaround, so those who used the FixIt solution will need to go here and use the “disable workaround” button. According to The Register, “. . . Microsoft released the update outside of its normal patching schedule because the vulnerability is being actively targeted. When the flaw first came to public attention three weeks ago, it was being used to attack SCADA — supervisory control and data acquisition — systems that control sensitive equipment at power plants, gas refineries, and other other critical infrastructure.”
Be sure all your machines have this one.