The problem stems from a flaw in the way the Graphics Rendering Engine processes thumbnail images in the affected versions of Windows. Microsoft said it is not aware of any affected customers or active attacks targeting the vulnerability. When successfully exploited, the vulnerability allows an attacker to take complete control of a user s machine, if that user had administrative access to the system. The company said the vulnerability won t warrant an out of cycle patch. Microsoft also advised customers to apply MS10-087, a security update published in November.
Source: https://threatpost.com/microsoft-warns-security-hole-windows-graphics-engine-010411/74820/

