Save your work! Microsoft Releases Critical Security Patch

As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the patch to take effect.
Windows users can download and install the patch themselves, or allow Microsoft to apply it to their computer overnight using the Automatic Update service. If you choose the latter, be sure to save any open work on your computer before leaving the computer for the evening. Otherwise, you may find a freshly booted system when go to your PC the following morning.
Information about the vulnerability, along with the patch, can be found in the following Microsoft Security Bulletin:
Microsoft Security Bulletin MS10-046 – Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
Here is a list of all articles we have written about CVE-2010-2568 (the Common Vulnerability and Exposure number assigned to the threat) in the blog, as well as malware using it as a vector, such as Win32/Stuxnet.

Date

Article

July 27

More LNK exploiting malware, by Jove!*

July 23

Link Exploits and the Search for a Better Explorer

July 22 (continue reading...)