Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Watch out for this nasty zero-day exploit


  • Please log in to reply
4 replies to this topic

#1 n2fc

n2fc

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:29 AM

Posted 21 July 2010 - 04:56 AM

Executive Summary
Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts.

Microsoft is currently working to develop a security update for Windows to address this vulnerability.


The articles below describe samples of a nasty rootkit-type infection that exploits an as-yet-unpatched vulnerability in Windows Shell (basically ALL versions of Windows!)...

This exploit uses "drive-by" propogation techniques, immune to User Account Control, and does NOT depend on any user actions for initiation.

Although not yet in the wild, it is only a matter of time before this becomes a problem for us!


Links to full articles:
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

http://www.infoworld.com/t/anti-virus/watch-out-nasty-zero-day-exploit-740

Microsoft Security Advisory 2286198:
http://www.microsoft.com/technet/security/advisory/2286198.mspx


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:29 AM

Posted 21 July 2010 - 01:12 PM

US-Cert: Vulnerability Note VU#940193 - Microsoft Windows automatically executes code specified in shortcut files

Workaround with Microsoft FixIt
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:29 AM

Posted 21 July 2010 - 09:30 PM

Why start another thread ? There was already a thread opened for this vulnerability.
http://www.bleepingcomputer.com/forums/t/332413/zero-day-windows-vulnerability/

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:29 AM

Posted 22 July 2010 - 06:34 AM

My fault. I moved this thread from the AntiVirus, Firewall and Privacy Products and Protection Methods forum and didn't notice there was a similar thread here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:05:29 AM

Posted 23 July 2010 - 11:48 AM

There was a mention of the autorun and autoplay features in that last article. Just a question. I have autoplay and autorun set to ask me what I want to do before anything is done. In fact, I hate it when an automatic action is chosen for me when a drive is inserted. Any other ideas from the community? Thanks.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users