Security Corner

Aug 6 2010   8:06PM GMT

Microsoft Issues Emergency Out-of-cycle Patch for Windows Shell Vulnerability

Ken Harthun Ken Harthun Profile: Ken Harthun

You probably heard all about Microsoft Security Bulletin MS10-046 – Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198). Microsoft actually issued a FixIt workaround last week; but, as many people found out, it wrecked the icons on their desktop causing them to display as white squares with no graphics.

On Monday, Microsoft issued a rare out-of-cycle patch to permanently fix the vulnerability. However, applying the patch does not disable the workaround, so those who used the FixIt solution will need to go here and use the “disable workaround” button. According to The Register, “. . . Microsoft released the update outside of its normal patching schedule because the vulnerability is being actively targeted. When the flaw first came to public attention three weeks ago, it was being used to attack SCADA — supervisory control and data acquisition — systems that control sensitive equipment at power plants, gas refineries, and other other critical infrastructure.”

Be sure all your machines have this one.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: