
Thread: Windows LNK Vulnerability.

  1. #1

    Windows LNK Vulnerability.

    ISC (SANS) have raised their threat level to yellow, which to me is a good sign that this issue will be exploited in mass effect soon.

    Please go through these if you manage Information Systems Security in an enterprise environment:

    http://www.microsoft.com/technet/sec...y/2286198.mspx

    http://krebsonsecurity.com/2010/07/e...shortcut-flaw/
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Looks like it's getting into the wild:

    http://www.zdnet.co.uk/news/security...575/?s_cid=938

    The malware, which has been labelled 'Stuxnet' by security researchers, has been seen in the wild in India, Iran, the US and Indonesia,

  3. #3
    "India"

    I think it's time I take a vacation.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    The worst is that Microsoft is giving the exploit the cold shoulder >.<

  5. #5
    Banned
    Join Date
    Jan 2008
    Posts
    605
    So let me get this straight...

    The advisory is that shortcuts execute files? O RLY?!?!

    Make way, citizens, Captain Obvious to the rescue!!

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Originally posted by The-Spec:
    "So let me get this straight...

    The advisory is that shortcuts execute files? O RLY?!?!

    Make way, citizens, Captain Obvious to the rescue!!"

    I think it has more to do with the icon than with the shortcut.

    From nihil's link:
    "Microsoft said that Stuxnet could allow an attacker to take control of a system, and it is investigating the malware. In the meantime, IT professionals can disable shortcut icons to mitigate the threat, the company advised."

    From the MS advisory:
    "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed."

    So yes, the shortcuts do execute files, but the icons are not supposed to execute code when they are simply viewed.
    Last edited by westin; July 22nd, 2010 at 04:53 PM.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  7. #7
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    What makes this exploit really scary in my opinion is when it is coupled with drive-by downloads/xss. Browsers are already insecure enough as it is, now say a user visits a malicious page which then downloads a malicious .lnk file. A lot of browsers open up a download window which can then let the .lnk run rampant on the machine. It could then execute a shatter attack or some other privilege escalation attack and pretty much root the system right then and there.

    It looks like Microsoft is telling people to disable .lnk and .pif files until everything is made kosher once again and has even provided a tool to help users disable them. That sure is nice of them considering their first stance was "Oh, it isn't THAT big of a deal!"
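
A way to audit the workaround discussed in posts #6 and #7 (disabling shortcut icons for .lnk and .pif files), as an added example that is not part of the original thread and is not Microsoft's tool. It assumes the workaround takes the form of clearing the default value of the `IconHandler` key under the `lnkfile` and `piffile` classes; the thread does not quote those paths, and the function name `Get-IconHandlerState` is hypothetical.

```powershell
# Added example: report whether the shortcut icon handler is still registered
# for .lnk and .pif files. Assumption: the workaround clears the default value
# of <class>\shellex\IconHandler; a cleared value means icons are not rendered
# through the shortcut icon handler.

function Get-IconHandlerState {
    param(
        # Classes covered by the workaround (assumed: lnkfile and piffile).
        [string[]]$ProgId = @('lnkfile', 'piffile')
    )

    foreach ($id in $ProgId) {
        $path  = "Registry::HKEY_CLASSES_ROOT\$id\shellex\IconHandler"
        $state = 'KeyMissing'
        $value = $null

        if (Test-Path -LiteralPath $path) {
            # The unnamed (default) value holds the icon handler's CLSID.
            $value = (Get-Item -LiteralPath $path).GetValue('')
            $state = if ([string]::IsNullOrEmpty($value)) { 'Cleared' } else { 'Registered' }
        }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            ProgId   = $id
            State    = $state    # Registered = workaround not applied
            Handler  = $value
        }
    }
}

# Read-only check: nothing is modified on the host.
$report = Get-IconHandlerState
$report | Format-Table -AutoSize

# List the classes where the handler is still active.
$report | Where-Object { $_.State -eq 'Registered' } | Select-Object -ExpandProperty ProgId
```

The function only reads the registry, so it can be run across managed hosts to see where the workaround is in place and where it has been reverted.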

  8. #8
    Banned
    Join Date
    Jan 2008
    Posts
    605
    "A lot of browsers open up a download window which can then let the .lnk run rampant on the machine."

    Yeah, assuming you've already accepted it as a download and the file menu doesn't automatically close before displaying the file. At that point why not just link people to an executable and flat-out ask people to run it as admin?

  9. #9
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    Have you ever even heard of a drive-by downloading attack, T-spec? You don't need the user's permission to download the file, in case you haven't. Once it is there, most browsers will have it open automatically by default; if they don't, more than likely they will download something and then you have them, unless they just want to keep their download sitting there......... I honestly don't know whether or not I should take your post seriously though.....
    Last edited by SnugglesTheBear; July 23rd, 2010 at 07:04 AM.

  10. #10
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Your response would be fine and dandy if it had any relevance to the subject at hand... or would even fit into whatever point you're trying to make.

    This flaw isn't going to have the effect of, let's say... Adobe products. And explorer itself couldn't be affected remotely since it uses default icons as a representation of files that aren't directly located on the drive. It would have to already be on disk and displayed within a file menu to take any sort of effect.
