Windows Enterprise Desktop

Aug 2 2010   2:14PM GMT

Windows Shell Vulnerability to Get Emergency Update Today

Ed Tittel Ed Tittel Profile: Ed Tittel

The shortcut vulnerability I reported on in my blog last week “Vulnerability in Windows Shell could allow remote code execution” — namely by enabling malefactors to include malicious code as part of a Windows shortcut definition, so that said code executes whenever the shortcut is used — has apparently been judged serious and scary enough to warrant what Microsoft calls an “out-of-band update” that precedes the August Patch Tuesday update release (8/10/2010). I guess that means it really does pose a serious threat, as I had guessed that it might from its technical description.

According to InfoWorld “Microsoft … said it will isse an emergency patch for the critical Windows shortcut bug on Monday, August 2.” Upon seeing increased attempts to exploit this vulnerability in the field, MS decided to speed up release of the update to provide much-needed protection as soon as possible. According to the Infoworld report, the patch should become available at or around 1 PM EDT (GMT -05:00) today. Because you never know what kind of software users are likely to install on their PCs, this is one upate that should be pushed into deployment as soon as vetting and authorization processes allow. It probably also warrants an email to users exhort them to apply this patch to personal or home machines ASAP as well.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: