Yesterday, Microsoft released an out-of-band security update to address the .LNK vulnerability described in Microsoft Security Advisory 2286198. Microsoft Security Bulletin MS10-046 addresses one vulnerability in Windows, has a maximum severity rating of Critical, and an Exploitability Index rating of 1. The security vulnerability affects all supported editions of Windows including Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

Microsoft recommends that customers and partners install the update immediately.  Additionally, we recommend that partners patch their own systems and then reach out to their customers to ensure that their systems are secure.  The security update protects against attempts to exploit the vulnerability by several malware families.

IT professionals may also want to view the out-of-band bulletin release overview webcast with Christopher Budd, senior security response communications manager, Microsoft, for a quick synopsis of the highest risk and impact scenarios.  You can view this webcast on demand at this link: Information About Microsoft's August 2010 (Out-of-Band) Security Bulletin Release

Public Resources related to this alert:

• Security Bulletin MS10-046 – Vulnerability in Windows Shell Could Allow Remote Code Execution
• Security Advisory 2286198 – Vulnerability in Windows Shell Could Allow Remote Code Execution
• Microsoft Security Response Center (MSRC) Blog
• Microsoft Security Research & Defense (SRD) Blog
• Microsoft Malware Protection Center (MMPC) Blog
• Microsoft Security Development Lifecycle (SDL) Blog

Microsoft Security Bulletin MS10-046

• Executive Summary: This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. The security update addresses the vulnerability by correcting validation of shortcut icon references. This security update also addresses the vulnerability first described in Microsoft Security Advisory 2286198 – Vulnerability in Windows Shell Could Allow Remote Code Execution.
• Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows.
• Exploitability Index Rating: CVE-2010-2568: Shortcut Icon Loading Vulnerability (EI = 1)
• Attack Vectors:
  • A maliciously crafted shortcut file.
  • Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
• Mitigating Factors:
  • Users would have to be persuaded to visit a malicious web site.
  • Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Blocking outbound SMB connections on the perimeter firewall reduces the risk of remote exploitation using file shares.
• Restart Requirement: The update will require a restart
• Publicly Disclosed? Yes – this vulnerability was publicly disclosed prior to release. More information is contained in Microsoft Security Advisory 2286198 – Vulnerability in Windows Shell Could Allow Remote Code Execution.
• Exploited? Yes – this vulnerability has been exploited in the wild at release
• Full Details: Security Bulletin MS10-046 – Vulnerability in Windows Shell Could Allow Remote Code Execution

Thank you and have a wonderful day,

Eric Ligman – Follow me on TWITTER, LinkedIn, and RSS and see “What I’m thinking”
Global Partner Experience Lead
Microsoft Worldwide Partner Group
This posting is provided "AS IS" with no warranties, and confers no rights