Is your system set to check automatically for updates? Did you force Windows Update to check for updates yesterday?
Well if you answered no to those questions then you need to fire up Windows Update and grab the critical out of band security update that Microsoft released yesterday.
Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Here are the links to the individual system downloads from the Microsoft Download Center:
- Windows 7
- Windows Vista
- Windows XP
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Service Pack 1 Beta
- Security Update for Windows 7 Service Pack 1 Beta (KB2286198)
- Security Update for Windows 7 Service Pack 1 Beta for x64-based Systems (KB2286198)
- Security Update for Windows Server 2008 R2 Service Pack 1 Beta x64 Edition (KB2286198)
- Security Update for Windows Server 2008 R2 Service Pack 1 Beta for Itanium-based Systems (KB2286198)
By the way – if your running Windows Home Server than you need to run the system update as well to get this fix on your server which is based on Windows Server 2003.