-
July 19th, 2010, 06:33 PM
#1
Windows LNK Vulnerability.
ISC (SANS) have raised their threat level to yellow, which to me is a good sign that this issue will be exploited in mass effect soon.
Please go through, if you manage Information Systems Security in Enterprise environment:
http://www.microsoft.com/technet/sec...y/2286198.mspx
http://krebsonsecurity.com/2010/07/e...shortcut-flaw/
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
July 19th, 2010, 09:45 PM
#2
Looks like it's getting into the wild:
http://www.zdnet.co.uk/news/security...575/?s_cid=938
The malware, which has been labelled 'Stuxnet' by security researchers, has been seen in the wild in India, Iran, the US and Indonesia,
-
July 20th, 2010, 12:06 PM
#3
"India"
I think its time i take a vacation.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
July 20th, 2010, 04:35 PM
#4
The worst is that Microsoft is giving the exploit the cold shoulder >.<
-
July 22nd, 2010, 04:40 PM
#5
So let me get this straight...
The advisory is that shortcuts execute files? O RLY?!?!
Make way, citizens, Captian Obvious to the rescue!!
-
July 22nd, 2010, 04:50 PM
#6
Originally Posted by The-Spec
So let me get this straight...
The advisory is that shortcuts execute files? O RLY?!?!
Make way, citizens, Captian Obvious to the rescue!!
I think it has more to do with the icon than with the shortcut.
from nihil's link:
Microsoft said that Stuxnet could allow an attacker to take control of a system, and it is investigating the malware. In the meantime, IT professionals can disable shortcut icons to mitigate the threat, the company advised.
From the MS advisory:
The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.
So yes, the shortcuts do execute files, but the icons are not supposed to execute code when they are simply viewed.
Last edited by westin; July 22nd, 2010 at 04:53 PM.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
July 22nd, 2010, 05:42 PM
#7
What makes this exploit really scary in my opinion is when it is coupled with drive-by downloads/xss. Browsers are already insecure enough as it is, now say a user visits a malicious page which then downloads a malicious .lnk file. A lot of browsers open up a download window which can then lets the .lnk to run rampant on the machine. It could then execute a shatter attack or some other escalation privilege attack and pretty much root the system right then and there.
It looks like Microsoft is telling people to disable .lnk and .pif files until everything is made kosher once again and has even provided a tool to help users disable them. That sure is nice of them considering their first stance was "Oh, it isn't THAT big of a deal!"
-
July 23rd, 2010, 05:45 AM
#8
A lot of browsers open up a download window which can then lets the .lnk to run rampant on the machine.
Yeah, assuming you've already accepted it as a download and the file menu doesn't automaticly close before displaying the file. At that point why not just link people to an executable and flat-out ask people to run it as admin.
-
July 23rd, 2010, 06:48 AM
#9
Have you ever even heard of a drive-by downloading attack T-spec? You don't need the user permission to download the file in case you haven't. Once it is there, most browsers will have it open automatically by default, if they don't, more than likely they will download something and then you have them less they just want to keep their download sitting there......... I honestly don't know whether or not I should take your post seriously though.....
Last edited by SnugglesTheBear; July 23rd, 2010 at 07:04 AM.
-
July 23rd, 2010, 01:55 PM
#10
Your response would be fine and dandy if it had any relivance to the subject at hand... or would even fit into whatever point your trying to make.
This flaw isn't going to have the effect of lets say... adobe products. And explorer itself couldn't be effected remotely since it uses default icons as a represention of files that aren't directly located on the drive. It would have to already be on disk and displayed within a file menu to take any sort of effect.
Similar Threads
-
By s3nate in forum Operating Systems
Replies: 25
Last Post: July 20th, 2004, 10:32 AM
-
By Cybr1d in forum Miscellaneous Security Discussions
Replies: 11
Last Post: June 10th, 2004, 12:09 AM
-
By DeadAddict in forum Other Tutorials Forum
Replies: 3
Last Post: November 18th, 2003, 01:20 PM
-
By TheFiend in forum Miscellaneous Security Discussions
Replies: 30
Last Post: June 14th, 2003, 11:08 PM
-
By qwerty_smith in forum Microsoft Security Discussions
Replies: 1
Last Post: February 5th, 2003, 09:41 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|