| By Susan Bradley |
When Microsoft releases a patch outside its normal twice-monthly cycle, it’s usually not one to ignore.
Hackers are already attacking PCs, using the vulnerability fixed by the out-of-cycle patch in Security Bulletin MS10-046.
Patch fixes security flaw in Windows shortcuts
MS10-046 details a critical patch to the Window Shell (the user interface) in all versions of Windows. It fixes a flaw which allows the shortcuts on your desktop to be used as attack vectors.
It started as a USB flash drive–based exploit which can infect your system simply by opening a flash drive in Windows Explorer. Now, there’s a potential threat whenever Windows loads shortcut icons for display — typically when a user browses Web sites, network drives, or flash drives.
If you are running ESET’s NOD32 antivirus, make sure you have the latest definition file. ESET’s Knowledgebase article NEWS94 details a known conflict between its product and the patch in MS10-046 which may cause your PC to bog down or drop into a BSOD.
► What to do: Accept the update as soon as it’s offered, or go to Support Bulletin MS10-046 and download the patch as soon as you can.