Security Advisory 2286198 Released

Hi everyone,

We have released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this vulnerability.

In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware, a threat family already known to the Microsoft Malware Protection Center. The MMPC has a blog post with more technical discussion of Stuxnet.

We recommend that customers follow the guidance provided in the Security Advisory, making note of mitigations and tested workarounds. We will continue to investigate the vulnerability and, upon completion of that investigation, we will take appropriate action to protect our customers.

Customers should be aware that signatures in up-to-date versions of Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform protect customers against the Stuxnet malware.

We are also actively working with members of our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Anyone believed to have been affected by this issue can visit: and should contact the national law enforcement agency in their country. 

We will continue to share updates on this blog and through our Twitter feed (@msftsecresponse).


Dave Forstrom
Director of Marketing Communications, Integrated Communications & Response