Friday, 23 July 2010
Running Windows? Shut off shortcut icons.
Trend Micro’s CounterMeasures:
On the 16th of July Microsoft released Security Advisory 2286198 confirming an as yet unpatched vulnerability in Windows Shell that exposes all users of all current versions of Microsoft Windows to very real risk of attack and infection. Or a malicious shortcut on a web page, or even an Office document(!).[1]
According to Microsoft “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.” So what does that mean in plain language?
It means that if any user of Microsoft Windows opens a folder containing a shortcut which has been designed to exploit this vulnerability, they will be infected. No opening of files required, simple browsing is enough.
Although Microsoft have stated that “This vulnerability is most likely to be exploited through removable drives” users should be on their guard against all shortcut files whose authenticity they cannot guarantee. This same vulnerability could be exploited through contaminated file shares or something as simple as a malicious compressed archive such as a zip file.
At this time there is no patch to fix this available. Microsoft does have a workaround here; applying it makes Windows display a generic icon rather than the application’s special one.
This exploit was first discovered in a trojan targeting Siemens SCADA control systems, but has now been spotted in the wild.
Elsewhere:
The Register: Yellow alert over Windows shortcut flaw
The Register: Microsoft issues stopgap fix for critical Windows flaw
[1] LATER: More detail, from SANS Internet Storm Center:
The exploit is triggered every time a folder containing a malicious LNK file is opened (for example, with Windows Explorer). It does not matter where this folder is – it does not have to be on a USB device, but in order to execute the malicious binary, the attacker has to specify its location correctly.
Posted by: Old Grouch in Linkage at 17:16:11 GMT
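The quoted advice is to distrust any shortcut of unknown origin, including ones on removable drives, file shares and inside zip archives. The following added example (not from this post or any of the sources it quotes) inventories shortcut files in a folder tree or zip by reading raw bytes only, so no icon is ever rendered. The function names and the sample archive are constructed for illustration; the header constant is the Shell Link header from Microsoft's published MS-SHLLINK format.

```python
import io
import os
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C + LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

def looks_like_shortcut(name, head):
    """True if the extension or the first 20 bytes mark a Windows shortcut."""
    return name.lower().endswith(".lnk") or head[:20] == LNK_MAGIC

def scan_zip(src, label="archive"):
    """List shortcut entries in a zip (bytes or path) without extracting it."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(src) if isinstance(src, bytes) else src) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as fh:
                    head = fh.read(20)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                head = b""  # encrypted or damaged entry: judge by name only
            if looks_like_shortcut(info.filename, head):
                hits.append(f"{label}!{info.filename}")
    return hits

def scan_tree(root):
    """Walk a folder (USB drive, share) and report shortcuts, also inside zips."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(20)
                if looks_like_shortcut(fname, head):
                    hits.append(path)
                elif zipfile.is_zipfile(path):
                    hits.extend(scan_zip(path, label=path))
            except (OSError, zipfile.BadZipFile):
                continue  # unreadable file or broken archive: skip it
    return hits

def constructed_sample_zip():
    """Constructed test archive: one text file, two shortcuts (one renamed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"hello")
        zf.writestr("docs/Report.LNK", b"not a real shortcut body")
        zf.writestr("tools/setup.dat", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()
```

The header check also catches a shortcut that has been given a different extension, as `tools/setup.dat` is in the constructed sample.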