[Share] window rushing out patch for vulnerability
vicky
1cankhan at gmail.com
Thu Jul 29 11:14:55 MYT 2010
It's been a busy 24 hours looking into this newest flaw in Windows. Lots of research has gone into it and most of the results are not good news for Windows
users. It is important to think about this attack as two separate pieces, one that is a new zero-day vulnerability that could easily be adopted by any
malware author, the other a unique payload that appears to be designed to go after some very specific infrastructure targets.
For corporate users (unless you run a power plant, water system or other
SCADA
system) the important part is the zero-day flaw. Warning: I am about to go a bit geeky.
The flaw is in how shell32.dll tries to load control panel icons from applets. By making a specially crafted shortcut pointing to a malicious file, you
can make Windows Explorer blindly execute the malicious file when the location of the shortcut is merely browsed to. In this case the malicious file is
a rootkit and a dropper that immediately hide the special shortcut (.lnk) files. Allowing executable code to load in the process of trying to retrieve
an icon seems like a major oversight in the design of Windows.
to continue, go to sophos below :
http://www.sophos.com/blogs/chetw/g/2010/07/16/windows-day-attack-works-windows-systems/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ncbm.org.my/pipermail/share/attachments/20100729/91cd709a/attachment.htm
More information about the Share
mailing list