Home / bulletins

MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) - Version:1.1

Posted on 27 June 2007

Severity Rating: Important - Revision Note: Bulletin updated to reflect the appropriate registry key to use on Windows Server 2003 (all versions) to verify the files that this security update has installed. Also clarified the recommendation in the impact of the Disable the Shell Hardware Detection service workaround.Summary: This update resolves a newly discovered, privately reported, vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin.An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.