Microsoft Out-of-Band bulletin addresses LNK/Shortcut vulnerability
As announced on Friday, Microsoft released an out-of-band bulletin to address the recent Shortcut/LNK exploits. As confirmed in Microsoft's announcement, various malware is now attempting to exploit this vulnerability. The vulnerability is rather easy to exploit in particular given the tools available to craft necessary shortcuts.
Clients are the main target but servers are as vulnerable and should be patched as soon as possible. Please report any issues you have with the patch !
# | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS10-046 | Vulnerability in Windows Shell (LNK/Shortcut) | |||||
Windows Shell CVE-2010-2568 |
KB 2286198 | actively exploited. | Severity:Critical Exploitability: 1 |
PATCH NOW! | PATCH NOW! |
-----
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx
Jim
Aug 2nd 2010
1 decade ago
Jim
Aug 2nd 2010
1 decade ago
Gary
Aug 2nd 2010
1 decade ago
http://www.microsoft.com/downloads/details.aspx?familyid=12361875-B453-45E8-852B-90F2727894FD&displaylang=en
Winders
Aug 2nd 2010
1 decade ago
Lupine
Aug 2nd 2010
1 decade ago
Paul
Aug 3rd 2010
1 decade ago
Unfortunately, our icons did NOT return after applying the MS10-046 patch. As a result we are having to revert the previous 'Fix' to get the icons to display. However, with SP2 still lingering... careful scripting is reverting the 'fix' for only systems with MS10-046 installed.
Anyone else experience this?
thegeeknme
Aug 3rd 2010
1 decade ago
MowGreen
Aug 3rd 2010
1 decade ago
http://kb.eset.com/esetkb/index?page=content&id=SOLN2523
" If you are experiencing a system hang or blue screen error after attempting to install Microsoft security update (KB2286198), you will need to update your ESET security product. This issue is due to a potential conflict with the Windows update and ESET NOD32 Antivirus and ESET Smart Security. Downloading a new ESET virus signature update (version 5338 and later) will resolve this issue. "
MowGreen
Aug 3rd 2010
1 decade ago
jsoberoi
Aug 3rd 2010
1 decade ago