[Share] Bls: window rushing out patch for vulnerability
Komuniti oku
komuniti.oku at gmail.com
Thu Jul 29 23:48:49 MYT 2010
Ini cerita windows yang mana satu?
Blog saya Twitter saya Facebook saya Windows Live Messenger saya Yahoo messenger saya Skype: ultraman5984 Laman 1Malaysia Laman Facebook Dato Sri Najib Tun Abdul Razak
Daripada: vicky
Tarikh: 29 July, 2010 11:14 AM
Kepada: share at ncbm.org.my
Subjek: [Share] window rushing out patch for vulnerability
It's been a busy 24 hours looking into this newest flaw in Windows. Lots of research has gone into it and most of the results are not good news for Windows
users. It is important to think about this attack as two separate pieces, one that is a new zero-day vulnerability that could easily be adopted by any
malware author, the other a unique payload that appears to be designed to go after some very specific infrastructure targets.
For corporate users (unless you run a power plant, water system or other
SCADA
system) the important part is the zero-day flaw. Warning: I am about to go a bit geeky.
The flaw is in how shell32.dll tries to load control panel icons from applets. By making a specially crafted shortcut pointing to a malicious file, you
can make Windows Explorer blindly execute the malicious file when the location of the shortcut is merely browsed to. In this case the malicious file is
a rootkit and a dropper that immediately hide the special shortcut (.lnk) files. Allowing executable code to load in the process of trying to retrieve
an icon seems like a major oversight in the design of Windows.
to continue, go to sophos below :
http://www.sophos.com/blogs/chetw/g/2010/07/16/windows-day-attack-works-windows-systems/
--------------------------------------------------------------------------------
_______________________________________________
Share mailing list
Share at ncbm.org.my
http://lists.ncbm.org.my/cgi-bin/mailman/listinfo/share
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ncbm.org.my/pipermail/share/attachments/20100729/3c10d10e/attachment-0001.htm
More information about the Share
mailing list