Security 10804 Published by

Microsoft has updated the following security bulletin:

- MS11-006 - Critical: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) - Version:1.1



MS11-006 - Critical: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (February 14, 2011): Added an entry to the update FAQ to notify customers that before installing this security update, they must undo the workaround, "Modify the Access Control List (ACL) on shimgvw.dll on Windows XP and Windows Server 2003 systems", from systems where they have previously applied it.

Summary: This security update resolves a publicly disclosed vulnerability in the Windows Shell graphics processor. The vulnerability could allow remote code execution if a user views a specially crafted thumbnail image. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more