Microsoft has posted an out-of-band patch for the .lnk vulnerability (CVE-2010-2568), which was widely exploited after it was made public two weeks ago. The company announced Friday that the patch would be forthcoming, saying that the Sality malware family, and specifically Sality.AT, was actively exploiting the weakness.
From Microsoft Security Bulletin MS10-046:
“This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
“This security update is rated Critical for all supported editions of Microsoft Windows.”
Microsoft did not provide patches for Windows 2000 and Windows XP SP2, since support has ended for them.
Tom Kelchner
View full post on Sunbelt Blog
Posted on 03 August 2010. Tags: .LNK, Microsoft, Patches, Vulnerability