Almost every Windows program has 0-day vulnerability


10 replies to this topic

#1 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:05:26 AM

Posted 19 August 2010 - 10:16 PM

An unpatched problem with Windows applications is much worse than first thought, with hundreds of programs, not just 40, vulnerable to attack, a Slovenian security company said today.

"It was a shocking surprise," said Mitja Kolsek, CEO of Acros Security. "It appears that most every Windows application has this vulnerability."

"We examined a bunch of applications, more than 220 from about 100 leading software vendors, and found that most every one had the vulnerability," said Kolsek. Acros built a specialized tool to help its researchers pinpoint which applications were vulnerable.

http://www.computerworld.com/s/article/918...t?taxonomyId=17

UPDATE: Microsoft has released a Fix-It tool to address the problem. This Fix-It tool will work only after installing the update KB2264107.

Edited by Romeo29, 04 September 2010 - 10:17 AM.



#2 Romeo29

Posted 23 August 2010 - 01:48 PM

More details are now available for this vulnerability, which is now being called the "Remote Binary Plant" bug.

http://blogs.pcmag.com/securitywatch/2010/...emote_binar.php
http://www.theregister.co.uk/2010/08/20/wi...execution_vuln/

Researchers at ACROS Security, who discovered this bug in Windows, have started a blog to follow this issue: http://acrossecurity.blogspot.com/

Meanwhile, Microsoft has declined to release any patch for this vulnerability, saying that this is not a Windows problem but an application-specific problem.
http://www.computerworld.com/s/article/918...s?taxonomyId=17

Edited by Romeo29, 23 August 2010 - 01:54 PM.


#3 Romeo29

Posted 24 August 2010 - 02:23 PM

Microsoft has issued a tool to handle the "Remote Binary Plant" or "Remote DLL loading" bug. Though this bug is present in all versions of Windows, the tool is released only for XP, 2008, Vista and 7.

This tool is just a way to secure the system against a possible attack and is intended only for developers and administrators. This tool can be used to block a location from being used for loading DLLs. You can block a location for all applications or for particular applications only.

http://support.microsoft.com/kb/2264107

#4 Romeo29

Posted 25 August 2010 - 07:42 PM

Finally, attacks using this "Remote Binary Plant" bug are being seen in the wild. Attack codes for more than 40 Windows applications are public and being used. The applications include Firefox, Chrome, Safari, Opera, Microsoft's Word 2007, Adobe's Photoshop, Skype, uTorrent and others.

http://www.computerworld.com/s/article/918...or_40_plus_apps

#5 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:05:26 AM

Posted 26 August 2010 - 06:53 AM

Thanks Romeo29 for the updates.

#6 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:06:26 AM

Posted 28 August 2010 - 12:04 AM

Oh wow. I think MS should have thought about this way back in 1995 when they thought up the Windows OS, don't you?

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#7 Romeo29

Posted 28 August 2010 - 12:44 PM

The list of vulnerable applications is increasing every day. An independent researcher has listed about 85 applications: http://www.corelan.be:8800/index.php/2010/...nofficial-list/

uTorrent and VLC Player have become the first applications to update and patch against the "Remote binary plant" (also being called "Remote DLL Loading" or the "DLL Hijack") bug.

Metasploit has released a tool to scan and identify vulnerable applications on your system (only for advanced users).
EDIT: Link removed as many anti-virus engines reported it as a trojan.

Edited by Romeo29, 29 August 2010 - 08:37 PM.


#8 Romeo29

Posted 02 September 2010 - 09:06 PM

ACROS Security released a list of SHA-256 hashes of the files vulnerable to this attack.
http://blog.acrossecurity.com/2010/08/rele...-of-binary.html

I have written a program which scans files on your system according to that list. You can download and scan your system for these files too (see the attachment).

Attached Files


Edited by Romeo29, 02 September 2010 - 09:17 PM.


#9 Martel

Martel

    Drfixup Human Internet Solutions


  • Members
  • 1,467 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina U.S.A.
  • Local time:05:26 AM

Posted 02 September 2010 - 09:25 PM

"I have written a program which scans files on your system according to that list. You can download and scan your system for these files too (see the attachment)."


Can't get that .zip file

EDIT..o.k. I got it that time

How's this? No found.log

Edited by Martel, 02 September 2010 - 09:59 PM.


#10 Romeo29

Posted 02 September 2010 - 10:18 PM

Only if it finds anything will it generate found.log and open it up for you. If it does not find anything, then you will not see any log. Yes, dumb programming :thumbsup:
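Added example (not part of the thread and not Romeo29's program, whose source is not shown): a sketch of the scan described in posts #8 and #10, hashing every file under a directory with SHA-256 and comparing against a published hash list, but always writing the log so that "no match" is distinguishable from "the scan never ran". The function names, the one-hash-per-line list format and the sample files are assumptions constructed for this example.

```python
import hashlib
import os
import re
import tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # stream in chunks: binaries can be large
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

HASH_RE = re.compile(r"^\s*([0-9a-fA-F]{64})\b")

def load_hash_list(lines):
    """Assumed format: a hex SHA-256 starts each entry; other lines are ignored."""
    return {m.group(1).lower() for m in map(HASH_RE.match, lines) if m}

def scan_tree(root, known):
    matches, errors = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if sha256_file(path) in known:
                    matches.append(path)
            except OSError as exc:  # record unreadable files, do not skip silently
                errors.append((path, str(exc)))
    return sorted(matches), errors

def write_report(log_path, root, matches, errors):
    """Always write the log, even with zero matches."""
    with open(log_path, "w", encoding="utf-8") as log:
        log.write(f"scanned: {root}\nmatches: {len(matches)}\n")
        log.writelines(f"MATCH {p}\n" for p in matches)
        log.writelines(f"ERROR {p}: {e}\n" for p, e in errors)
    return log_path

def demo():
    # Constructed sample data: two files, one present on a constructed hash list.
    root = tempfile.mkdtemp()
    samples = {"listed.exe": b"constructed-vulnerable", "other.exe": b"benign"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    listing = ["# constructed list",
               hashlib.sha256(samples["listed.exe"]).hexdigest() + "  listed.exe"]
    matches, errors = scan_tree(root, load_hash_list(listing))
    log = write_report(os.path.join(tempfile.mkdtemp(), "found.log"), root, matches, errors)
    return matches, log
```

A hash match only says that a file is byte-identical to one on the list; a patched or different build of the same application will not match, so an empty result is not proof that no vulnerable application is installed.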

#11 Martel

Posted 02 September 2010 - 10:21 PM

I am glad ..

No news is good news.


Thanks



