domingo, 1 de agosto de 2010

Sality

Description -

A vulnerability exists in the Microsoft Windows Shell component that may allow the execution of malicious code. The flaw occurs due to Windows improperly handling file shortcuts. Exploitation can be achieved through multiple vectors, including manipulation of a specially-crafted .LNK or .PIF file & browsing a drive/shared location with a specially-crafted .LNK or .PIF file.

Recommendations -

The vendor has released an advisory on this issue: http://www.microsoft.com/technet/security/advisory/2286198.mspx The vendor has posted the following workaround: http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b2286198 Microsoft will release an out-of-band patch to address this issue on 8/2/2010 http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

Microsoft             NAI