[BigFix-Announcements-Japan] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (Japanese)'
autonotify at bigfix.com
autonotify at bigfix.com
Sat Jul 24 02:30:32 PDT 2010
Fixlet Site - 'Patches for Windows (Japanese)'
Current Version: 367 Published: Fri, 23 Jul 2010 19:47:10 GMT
New Fixlets:
============
***************************************************************
Title: Security Advisory 2286198: Vulnerability in Windows Shell Could Allow Remote Code Execution (Japanese)
Severity: N/A
Fixlet ID: 228619801
Fixlet Link: http://www.microsoft.com/technet/security/advisory/2286198.mspx
Fixlet Description: Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts. Microsoft is currently working to develop a security update for Windows to address this vulnerability. This Fixlet disables the displaying of icons for shortcuts and/or disables the WebClient service. This is Microsoft's suggested workaround before a patch is available.Note: After deploying this fixlet you can restore your system using Fixlet Message #228619803, "Security Advisory 2286198: Vulnerability in Windows Shell Could Allow Remote Code Execution - Restore".
Important Note: After implementing this change, icons for shortcuts and/or the WebClient service will be disabled. Please take extra caution to qualify this change in a test environment prior to use in a production environment.
***************************************************************
Title: Security Advisory 2286198: Vulnerability in Windows Shell Could Allow Remote Code Execution - Restore (Japanese)
Severity: N/A
Fixlet ID: 228619803
Fixlet Link: http://www.microsoft.com/technet/security/advisory/2286198.mspx
Fixlet Description: Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts. Microsoft is currently working to develop a security update for Windows to address this vulnerability. This Fixlet re-enables the displaying of icons for shortcuts and/or re-enables the WebClient serviThce. This is Microsoft's suggested workaround before a patch is available.
More information about the BigFix-Announcements-Japan
mailing list