Results 1 to 5 of 5

Thread: Fix it Released for Security Advisory 2286198

  1. 21st July 2010, 02:08 #1
    Corrine's Avatar
    Corrine
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default Fix it Released for Security Advisory 2286198

    Microsoft updated Microsoft Security Advisory 2286198 to provide an automated "Fix It" solution to implement the workaround provided in the original Security Advisory release.

    The Fix it disables .LNK and .PIF file functionality automatically on a computer that is running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server R2.

    Complete details about the Fix it solution to both enable the workaround and disable it after a security update has been released are available in Microsoft KB 2286198.

    NOTE: Applying the Fix it will require a restart of the machine.



    After a security update is released for this vulnerability, you can undo the changes made by the Fix it solution by using Microsoft Fix it 50487.


    References:

    * KB 2286198: Vulnerability in Windows Shell could allow remote code execution
    * MSRC Blog: Security Advisory 2286198 Updated
    Reply With Quote Reply With Quote
  2. 1st August 2010, 02:14 #2
    Corrine's Avatar
    Corrine
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default

    On Monday, August 2, Microsoft will release an Out of Band update addressing the vulnerability in Security Advisory 2286198. As indicated by Christopher Budd in the MSRC Blog:
    "We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."
    Details about the threat are available in the MMPC Blog.

    MMPC Blog: Stuxnet, malicious .LNKs, ...and then there was Sality
    MSRC Blog: Out of Band Release to address Microsoft Security Advisory 2286198
    TechNet: Microsoft Security Bulletin Advance Notification for August 2010
    Reply With Quote Reply With Quote
  3. 1st August 2010, 15:51 #3
    amon91's Avatar
    amon91
    amon91 is offline Beginner
    Join Date
    Jul 2010
    Posts
    38

    Default

    Glad they're coming up with a real patch because that was a cheesiest fixit utility ever (well, at least it worked but at a huge cost). Looking forward to it.
    Reply With Quote Reply With Quote
  4. 2nd August 2010, 04:49 #4
    HappyAndyK's Avatar
    HappyAndyK
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,559

    Default

    Thanks for the heads up Corrine
    The Windows Club | TWC News
    Reply With Quote Reply With Quote
  5. 2nd August 2010, 06:24 #5
    optimus's Avatar
    optimus
    optimus is offline Windows Enthusiast
    Join Date
    Apr 2010
    Posts
    94

    Default

    thanks a lot,corrine...when i updated my hitman pro3.5.6 to build 108 version ,it gave me a option to fix the LNK vulnerability....so,i enable that protection...:-)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22