1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Critical Windows flaw uncovered

Discussion in 'Article Discussion' started by CardJoe, 19 Jul 2010.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,852
    Likes Received:
    916
    Ouch. Tho it doesn't seem that bad on Windows 7, autorun is off by default. What about XP and Vista? Is it the same on these? I bet Windows ME is safe on this one.
     
  3. leexgx

    leexgx CPC hang out zone (i Fix pcs i do )

    Joined:
    28 Jun 2006
    Posts:
    1,356
    Likes Received:
    8
    not an auto run bug, short cut bug (read the last part)
     
  4. perplekks45

    perplekks45 LIKE AN ANIMAL!

    Joined:
    9 May 2004
    Posts:
    7,548
    Likes Received:
    1,786
    Not a severe bug, just don't use .lnk files...
    Still they should patch that as quickly as possible, Joe Average ain't the sharpest tool in the box.
     
  5. Jack_Pepsi

    Jack_Pepsi Clan BeeR Founder

    Joined:
    24 Apr 2006
    Posts:
    646
    Likes Received:
    11
    It doesn't matter at all for the average user, it's already too late for them and their ignorance. They'll continue to use Limewire blissfully unaware. The majority believe that the scare-ware AV software that's doing the rounds is actually their AV.

    Tell them that shortcut icons can be exploited and they'll go around deleting everything.
     
  6. DarkLord7854

    DarkLord7854 What's a Dremel?

    Joined:
    22 Jun 2005
    Posts:
    4,643
    Likes Received:
    121
    I have to admit that the thought of telling someone that and seeing them do that would be highly entertaining and thoroughly amusing :hehe:
     
  7. Jack_Pepsi

    Jack_Pepsi Clan BeeR Founder

    Joined:
    24 Apr 2006
    Posts:
    646
    Likes Received:
    11
    That it would.

    :D
     
  8. HourBeforeDawn

    HourBeforeDawn a.k.a KazeModz

    Joined:
    26 Oct 2006
    Posts:
    2,637
    Likes Received:
    6
    Im confused I thought they released an Update a while back that stopped Auto Run from starting to stop or slowdown that one cornflickerwhatever virus? I know when I plug in removable media nothing happens until I go and actually open it.
     
  9. Jim

    Jim Ineptimodder

    Joined:
    2 Sep 2007
    Posts:
    311
    Likes Received:
    7
    I can't delete Recycle Bin! Help!

    ;)
     
  10. Grimloon

    Grimloon What's a Dremel?

    Joined:
    4 Sep 2008
    Posts:
    885
    Likes Received:
    30
    Congratulations! You just won the understatement of the year award! :D

    A fix would be very nice (right now, please?) as one of our users almost had a call logged today as "Too blonde to use scanner - clue-by-4 required" (I get in trouble for that sort of thing, it's considered unprofessional) and I shudder to think what can be done by the blind clicking on the "Yes" button can cause if this flaw goes unpatched.

    Much as I detest patch Tuesday it serves a purpose and this bunny should be right up there on the list as "Critical".
     
  11. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    ah yeah autorun.inf trojaning.. I used to silk rope trojan onto the setup (granted this was a long time ago when autorun was on by default).. it was a guaranteed thing as soon as they put in the disk

    my messenger would pop and the ip would be in the irc channel.. oh those were the days- I dunno if you guys remember the oob nuke on windows 95.. you nuke whole groups of people on the internet by hitting blocks of ip's randomly and make their rigs bsod xD

    the av software has gotten pretty good.. your more prone to phishing someone's info than getting a trojan installed successfully.. human error will always be the biggest factor

    anyone running the uac full up and tests the software they install in a vm beforehand- they'll have no problems for the most part

    I'd like to see that in the next version of windows.. a feature like in acronis true image home- where your able to install something and 'revert' back instead of relying on backups.. the restore does an ok job but a lot of times they just erase the restore points

    I do think many of the trojans written today are by the av companies.. they gotta keep the wheel greased- they also aren't fond of the uac.. but microsoft default on the uac in windows 7 is pretty shitty- you have to turn it up to get any real use out of it.. it should be on or off
     
  12. MrZephyr

    MrZephyr What's a Dremel?

    Joined:
    18 Dec 2009
    Posts:
    20
    Likes Received:
    0
    Check out the US-CERT website, they say there is a workaround available:

    http://www.us-cert.gov/current/index.html#microsoft_windows_lnk_vulnerability

    Microsoft Windows LNK Vulnerability
    added July 16, 2010 at 10:08 am | updated July 19, 2010 at 09:02 am

    US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for LNK files. Microsoft uses LNK files, commonly referred to as "shortcuts," as references to files or applications.

    By convincing a user to display a specially-crafted LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user.

    Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are encouraged to review the advisory and consider implementing the workarounds listed to reduce the threat of known attack vectors. Please note that implementing these workarounds may affect functionality. The workarounds include

    * disabling the display of icons for shortcuts
    * disabling the WebClient service

    In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, US-CERT encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:

    * Disable AutoRun as described in Microsoft Support article 967715.
    * Implement the principle of least privilege as defined in the Microsoft TechNet Library.
    * Maintain up-to-date antivirus software.

    Additional information can be found in the US-CERT Vulnerability Note VU#940193.

    US-CERT will provide additional information as it becomes available.
     
  13. Altron

    Altron Minimodder

    Joined:
    12 Dec 2002
    Posts:
    3,186
    Likes Received:
    61
    Would deleting the recycle bin be the same as dividing by zero?
     
  14. Grimloon

    Grimloon What's a Dremel?

    Joined:
    4 Sep 2008
    Posts:
    885
    Likes Received:
    30
    I wish! The implosion in the space time continuum caused should be localised and therefore only eliminate the specific perpetrator rather than the whole universe. We can, at least, hope that this would be the case.

    Full credit for the rational approach. We're talking about end users here - "To click or not to click, that is the question. Whether 'tis nobler..." (I sincerely apologise for seriously mauling that quote but I hope that you get the picture I'm seeing at the moment). The rational, secure approach is for the geeks/network techs. For everyone else it's simply a case of "What happens if I click on this?" and some bugger else has to clean up the mess.
     
  15. DarkLord7854

    DarkLord7854 What's a Dremel?

    Joined:
    22 Jun 2005
    Posts:
    4,643
    Likes Received:
    121
    If I recall actually, a lot of people had problems with deleting their recycle bin and then couldn't get it back :hehe:
     
  16. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    wow that's pretty bad.. you just have to view the lnk in the explorer to execute the code.. so it's to do with executing the code through an overflow when it goes to load the icon

    man that's sick.. you can't even view a file without getting it up the yahoo :D something like this would have been caught on open source a long time ago
     
  17. Altron

    Altron Minimodder

    Joined:
    12 Dec 2002
    Posts:
    3,186
    Likes Received:
    61
    Whoa. Dude. It's like there is a recycle bin in the recycle bin. Like, the circle of life, bro. Far out, man. It's like a double rainbow.
     
  18. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,852
    Likes Received:
    916
    I did read it all, assuming you know what shortcuts you have on your desktop...
     
  19. leexgx

    leexgx CPC hang out zone (i Fix pcs i do )

    Joined:
    28 Jun 2006
    Posts:
    1,356
    Likes Received:
    8
    but the point is just viewing the shortcut (not clicking on it just the file in the list) seems to be able to trigger the issue got to be the Worst type of bug i have ever seen (ok msblaster was the best one :p for users who lacked an router or just not enable the windows firewall as that can stop it as well)
     
  20. CopperCAT

    CopperCAT What's a Dremel?

    Joined:
    4 Aug 2004
    Posts:
    5
    Likes Received:
    0
    In windows 95, you could install applications in the recycle bin... And never be able to remove them anymore.
     
Tags: Add Tags

Share This Page