Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: mercenary
« on: 02. August 2010., 18:51:58 »

Posted by: Samker
« on: 19. July 2010., 06:15:26 »

Windows shortcut vulnerability with rootkit - detailed video demo

Microsoft issued a security bulletin on Friday to warn customers of a 0-day exploit involving the Windows Shell: http://www.microsoft.com/technet/security/advisory/2286198.mspx

The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."

For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares: http://www.microsoft.com/technet/security/advisory/2286198.mspx
Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. However, Security Researcher Chester Wisniewski of Sophos, reports that Windows 2000 and Windows XP SP2 (both unsupported by Microsoft) are affected by the flaw: http://www.sophos.com/blogs/chetw/g/2010/07/16/windows-day-attack-works-windows-systems/

Sophos explain that the flaw bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run. In a blog posting, Sophos researchers demonstrate the flaw (see above) on Windows 7, which becomes infected with a rootkit as a result.

Microsoft says users could halt attacks by disabling icons for shortcuts and switching off the WebClient service. Unfortunately the suggestion is far from ideal for most corporate customers, disabling icon shortcuts will likely result in mass confusion for users and turning off the WebClient service will render Microsoft SharePoint useless. Microsoft has not confirmed when a patch will be made available for the issue. The company's next patch Tuesday is scheduled on August 10.

(NW)
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising