Desktop Deployment Planning Services
Desktop Deployment Planning Services (DDPS) can help your organization deploy Microsoft Office or Windows software to increase usage, improve productivity, and lower costs. Your DDPS consultant collaborates with you to create a comprehensive deployment plan that includes analysis, business case, process, and technical procedures.
Desktop Deployment Planning Services (DDPS) can help your organization deploy Microsoft Office or Windows software to increase usage, improve productivity, and lower costs. Your DDPS consultant collaborates with you to create a comprehensive deployment plan that includes analysis, business case, process, and technical procedures.
The service is based on the Solution Accelerator for Business Desktop Deployment and best practices from Microsoft. The objective is to help reduce the cost and complexity associated with high levels of process and automation. The number of engagement days is 1, 3, 5, 10, or 15—as determined by your Software Assurance coverage. SharePoint Deployment Planning Services SharePoint Deployment Planning Services (SDPS) is designed to help your organization plan an effective deployment that can optimize the core capabilities of Microsoft Office SharePoint Server. Your SDPS consultant analyzes your organizational environment and offers tools, services, and best practices that can help improve its productivity. The number of engagement days is 1, 3, 5, 10, or 15—as determined by your Software Assurance coverage. Exchange Deployment Planning Services Exchange Deployment Planning Services (EDPS) can provide a structured engagement to help guide your organization through the deployment planning stages of a Microsoft Exchange implementation. Your EDPS consultant reviews new Microsoft Exchange product features, shares best practices, analyzes organizational requirements, provides hands-on deployment training, and helps create comprehensive deployment and implementation plans. The number of engagement days is 3, 5, 10, or 15—as determined by your Software Assurance coverage. Business Value Planning Services Business Value Planning Services (BVPS) helps your organization's business decision makers develop a plan to maximize the business value of the Microsoft Office system through structured, multi-day engagements. Your BVPS consultant works with you to document, analyze, and design a plan that can help you unlock the potential of your existing investment, drive change, and improve your business processes. The number of engagement days is 3, 5, 10, or 15—as determined by your Software Assurance coverage.
|
|
Vulnerability in Windows Shell Could Allow Remote Code Execution
8/3/2010 10:35:03 AM
This security update is rated Critical for all supported editions of Microsoft Windows. The security update addresses the vulnerability by correcting validation of shortcut icon references.
Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for all supported editions of Microsoft Windows. The security update addresses the vulnerability by correcting validation of shortcut icon references. This security update addresses the vulnerability first described in Microsoft Security Advisory 2286198. Public Bulletin Webcast Microsoft will host a webcast to address customer questions on this bulletin: Title: Information About Microsoft's August 2010 (Out-of-Band) Security Bulletin Release Date: Monday, August 02, 2010, at 1:00 P.M. Pacific Time (U.S. & Canada). URL: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032456779 Public Resources related to this alert New Security Bulletin Technical Details In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/. | Bulletin Identifier | Microsoft Security Bulletin MS10-046 | | Bulletin Title | Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) | | Executive Summary | This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. The security update addresses the vulnerability by correcting validation of shortcut icon references. This security update also addresses the vulnerability first described in Microsoft Security Advisory 2286198. | | Affected Software | This security update is rated Critical for all supported editions of Microsoft Windows. | | CVE, Exploitability Index Rating | - CVE-2010-2568: Shortcut Icon Loading Vulnerability (EI = 1)
| | Attack Vectors | - A maliciously crafted shortcut file.
- Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive.
| | Mitigating Factors | - Users would have to be persuaded to visit a malicious web site.
- Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Blocking outbound SMB connections on the perimeter firewall reduces the risk of remote exploitation using file shares.
| | Restart Requirement | The update will require a restart. | | | |
|