CERT mailing list archives

Current Activity - Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

From: Current Activity <us-cert () us-cert gov>
Date: Mon, 2 Aug 2010 14:10:10 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

Original release date: August 2, 2010 at 1:55 pm
Last revised: August 2, 2010 at 1:55 pm


Microsoft has released security bulletin MS10-046 to address a
critical vulnerability affecting Microsoft Windows. This vulnerability
is due to the failure of Microsoft Windows to properly obtain icons
for shortcut files. By convincing a user to display a specially
crafted shortcut file, a remote attacker may be able to execute
arbitrary code.

US-CERT strongly encourages users and administrators to review
Microsoft security bulletin MS10-046 and apply any necessary updates
to mitigate the risks.

Additional information regarding this vulnerability can be found in
the following:
  * Microsoft Security Bulletin MS10-046
  * Microsoft Security Advisory 2286198
  * US-CERT Current Activity Entry "Microsoft Windows .LNK
    Vulnerability"
  * US-CERT Vulnerability Note VU#940193

Relevant Url(s):
<http://www.microsoft.com/technet/security/advisory/2286198.mspx>

<http://www.kb.cert.org/vuls/id/940193>

<http://www.us-cert.gov/current/#microsoft_windows_lnk_vulnerability>

<http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_releases_out_of_band1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTFcJ8z6pPKYJORa3AQLvkAf/bn2MzXzW/N9+Vicd3ry0G/i7PSVa72Hf
45B32lAUSWVAdgrudNG837MkmOTIIHQR/uv6jdCaHxSKEmTWgMrdumUOFnosEnAA
m5T8wORraI9myi28ZeGFq5y7g8lBWzeUlOXpp35yhpyMUHSRMgQP7e/1kPhpP+bk
zGI60lawBJB7NETCSvJRT4t19iKdKPYw0AwKWCr0Iebfxiv6SYOEqXz6XNiE9NN1
EZoCh3296KZJpoqZuIott/3hDNQVPQlOK+DbIFNYMqdFvZGNaEqheBH89Tpxc4pR
cj/t7NDgwY40pLUYACKvjJ1FUDOo2kIMCQCYIhFegTLallUeq6sq2A==
=ylcM
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability Current Activity (Aug 02)