Security 10748 Published by

Microsoft published the following security updates:

- MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) - Version:1.2
- Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution



MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) - Version:1.2
Severity Rating: Critical - Revision Note: V1.2 (August 24, 2010): Added an update FAQ to announce a detection change. This is a detection change only. There were no changes to the security update files in this bulletin. Customers who have already installed the update successfully do not need to reinstall.

Summary: This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution
Revision Note: V1.0 (August 23, 2010) Advisory published.

Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.
Read more