Archive for July, 2010

Windows bug- ugh!

July 31, 2010

There is a new windows security issue.  An out of cycle patch is coming on Monday August 2, 2010.  This vulnerability is bad!  Make sure you get this patch.

“Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.”

http://www.microsoft.com/technet/security/advisory/2286198.mspx

http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/

Advertisements