Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability
Last Revised
Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.
US-CERT strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.
Additional information regarding this vulnerability can be found in the following:
- Microsoft Security Bulletin MS10-046
- Microsoft Security Advisory 2286198
- US-CERT Current Activity Entry "Microsoft Windows .LNK Vulnerability"
- US-CERT Vulnerability Note VU#940193
This product is provided subject to this Notification and this Privacy & Use policy.