Friday, July 30, 2010

Microsoft Security Advisory 2286198


Microsoft Security Advisory (2286198)  is about to get a patch!

It's about time. We've all (at least those of us who pay attention to these things) been waiting for 2 weeks for this very important fix. MS says they will have it ready to roll on Monday.

For those not watching MS's every move, this bug allows a malicious user to create a special .lnk file (shortcut) on a USB drive, or hard drive, or shared drive on a network... etc. and when you just browse to the folder containing it, it exectues! No double-click, you just have to look at the folder it's in. Thanks to the folks at MS who fixed it so quickly. This was a scary bug.

Note, if you don't want to wait till Monday, you can fix it now. Just disable the "WebClient" service under Control Panel>Administrative Tools>Services
If you don't know what WebDAV is, you don't need that service running.


Oh, and one more thing:
Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious Web sites. Microsoft does
not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

(quoted directly from a Microsoft Security Bulletin)
Post a Comment