Out-of-band Windows Security Patch to Address Windows Shell Vulnerability
Microsoft has announced plans to release an out-of-band update on Monday, August 2, 2010 at or around 10 AM PDT, to address CVE-2010-2568 (described in Microsoft Knowledge Base Article (2286198) as Vulnerability in Windows Shell could allow remote code execution).
The Microsoft Malware Protection Center (MMPC), along with other Microsoft Active Protection Program partners, have kept a close watch on the use of .LNK files exploiting this vulnerability. They have noticed an increase in attacks in the Windows operating systems, exploiting the vulnerability in LNK files. Due to this increase in the attacks, Microsoft is going to release the out-of-bound patch to protect PCs running Windows operating system from those attacks.
Microsoft Security Essentials until now provides protection against the known attack forms. Also, users were available to protect their Windows systems from those attacks either by using a Microsoft Fix-IT solution, or a solution called the G Data LNK Checker to block malicious LNK files, and then by using a Stuxnet Rootkit Remover to clean the infected computers from common Stuxnet variants.
The following charts shows this trend:
According to a blog post at the Microsoft Security Response Center, the patch is ready for distribution among customers.
We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out-of-band is the best thing to do to help protect our customers.
Windows users should update their computer systems using the security patch, which will be released on August 2, 2010 at or around 10 AM PDT. The out-of-band security patch will be distributed through Windows Update, Microsoft Download and other official channels. Microsoft will also hold special edition of the bulletin release webcast on Monday, August 2, 2010 at 1:00 PM PDT. If you are interested in attending the webcast, click here to sign up.